Chris Morgan  ›  Git  ›  sanitise-file-name  ›  blob
1.0.0
[sanitise-file-name] / tests / blns.silly-replace_with.sanitised
1 # Reserved Strings
2 #
3 # Strings which may be used elsewhere in code
4 _
5 undefined
6 undef
7 null
8 NULL
9 (null)
10 nil
11 NIL
12 true
13 false
14 True
15 False
16 TRUE
17 FALSE
18 None
19 hasOwnProperty
20 then
21 constructor
22 ]
23 ]]
24 _
25 # Numeric Strings
26 #
27 # Strings which can be interpreted as numeric
28 _
29 0
30 1
31 1.00
32 $1.00
33 102
34 1E2
35 1E02
36 1E+02
37 1
38 1.00
39 $1.00
40 102
41 1E2
42 1E02
43 1E+02
44 100
45 000
46 21474836480-1
47 92233720368547758080-1
48 0
49 0.0
50 +0
51 +0.0
52 0.00
53 0.0
54 _
55 0.0.0
56 0,00
57 0,,0
58 _
59 0,0,0
60 0.000
61 1.000.0
62 0.000.0
63 1,000,0
64 0,000,0
65 1
66 _
67 _
68 _
69 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
70 NaN
71 Infinity
72 Infinity
73 INF
74 1#INF
75 1#IND
76 1#QNAN
77 1#SNAN
78 1#IND
79 0x0
80 0xffffffff
81 0xffffffffffffffff
82 0xabad1dea
83 123456789012345678901234567890123456789
84 1,000.00
85 1 000.00
86 1'000.00
87 1,000,000.00
88 1 000 000.00
89 1'000'000.00
90 1.000,00
91 1 000,00
92 1'000,00
93 1.000.000,00
94 1 000 000,00
95 1'000'000,00
96 01000
97 08
98 09
99 2.2250738585072011e-308
100 _
101 # Special Characters
102 #
103 # ASCII punctuation.All of these characters may need to be escaped in some
104 # contexts. Divided into three groups based on (US-layout) keyboard position.
105 _
106 .0;'[]]-=
107 =?@;#{}}_+
108 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
109 =@@;#{}}_+
110 !@#$%^&+()`~
111 _
112 # Non-whitespace C0 controls; U+0001 through U+0008, U+000E through U+001F
113 # and U+007F (DEL)
114 # Often forbidden to appear in various text-based file formats (e.g.XML)
115 # or reused for internal delimiters on the theory that they should never
116 # appear in input.
117 # The next line may appear to be blank or mojibake in some viewers.
118 \ 2\ 3\ 4\ 5\ 6\a\b \ f\10\11\12\13\14\15\16\17\18\19\1a\e\1c\1d\1e\1f \80
119 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
120 \ 3\ 4\ 5\ 6\a\b \10\11\12\13\14\15\16\17\18\19\1a\e\1c\1d\1e\1f \81
121 _
122 # Non-whitespace C1 controls; U+0080 through U+0084 and U+0086 through U+009F.
123 # Commonly misinterpreted as additional graphic characters.
124 # The next line may appear to be blank, mojibake, or dingbats in some viewers.
125 \81\82\83\84\85\87\88\89\8a\8b\8c\8d\8e\8f\90\91\92\93\94\95\96\97\98\99\9a\9b\9c\9d\9e\9f 
126 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
127 \82\83\84\85 \88\89\8a\8b\8c\8d\8e\8f\90\91\92\93\94\95\96\97\98\99\9a\9b\9c\9d\9e\9f 
128 _
129 # Whitespace; all of the characters with category Zs, Zl, or Zp (in Unicode
130 # version 8.0.0), plus U+0009 (HT), U+000B (VT), U+000C (FF), U+0085 (NEL)
131 # and U+200B (ZERO WIDTH SPACE), which are in the C categories but are often
132 # treated as whitespace in some contexts.
133 # This file unfortunately cannot express strings containing
134 # U+0000, U+000A, or U+000D (NUL, LF, CR).
135 # The next line may appear to be blank or mojibake in some viewers.
136 # The next line may be flagged for #trailing whitespace# in some viewers.
137
138 _
139 # Unicode additional control characters; all of the characters with
140 # general category Cf (in Unicode 8.0.0).
141 # The next line may appear to be blank or mojibake in some viewers.
142 ­؀؁؂؃؄؅؜۝܏᠎​‌‍‎‏‫‬‭‮ ⁠⁡⁢⁣⁤⁧⁨⁩𑂽𛲠𛲡𛲢𛲣𝅳𝅴𝅵𝅶𝅷𝅸𝅹𝅺󠀁󠀠󠀡󠀢󠀣󠀤󠀥󠀦󠀧󠀨󠀩󠀪󠀫󠀬󠀭󠀮󠀯󠀰󠀱󠀲󠀳󠀴󠀵
143 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
144 ­؀؁؂؃؄؅؜۝܏᠎​‌‍‎‏‬‭‮  ⁠⁡⁢⁣⁤⁨⁩𑂽𛲠𛲡𛲢𛲣𝅳𝅴𝅵𝅶𝅷𝅸𝅹𝅺󠀁󠀠󠀡󠀢󠀣󠀤󠀥󠀦󠀧󠀨󠀩󠀪󠀫󠀬󠀭󠀮󠀯󠀰󠀱󠀲󠀳󠀴󠀵
145 _
146 # #Byte order marks#, U+FEFF and U+FFFE, each on its own line.
147 # The next two lines may appear to be blank or mojibake in some viewers.
148 
149
150 _
151 # Unicode Symbols
152 #
153 # Strings which contain common unicode symbols (e.g.smart quotes)
154 _
155 Ω≈ç√∫˜µ≤≥÷
156 åß∂ƒ©˙∆˚¬…æ
157 œ∑´®†¥¨ˆøπ“‘
158 ¡™£¢∞§¶•ªº–≠
159 ¸˛Ç◊ı˜Â¯˘¿
160 ÅÍÎÏ˝ÓÔÒÚÆ☃
161 Œ„´‰ˇÁ¨ˆØ∏”’
162 `⁄€‹›fifl‡°·‚—±
163 ⅛⅜⅝⅞
164 ЁЂЃЄЅІЇЈЉЊЋЌЍЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя
165 ٠١٢٣٤٥٦٧٨٩
166 _
167 # Unicode Subscript0Superscript0Accents
168 #
169 # Strings which contain unicode subscripts0superscripts; can cause rendering issues
170 _
171 ⁰⁴⁵
172 ₀₁₂
173 ⁰⁴⁵₀₁₂
174 ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้
175 _
176 # Quotation Marks
177 #
178 # Strings which contain misplaced quotation marks; can cause encoding errors
179 _
180 '
181 #
182 ''
183 ##
184 '#'
185 #''''#'#
186 #'#'#''''#
187 =foo val=“bar” 0?
188 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
189 =foo val=“bar” 0@
190 =foo val=“bar” 0?
191 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
192 =foo val=“bar” 0@
193 =foo val=”bar“ 0?
194 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
195 =foo val=”bar“ 0@
196 =foo val=`bar' 0?
197 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
198 =foo val=`bar' 0@
199 _
200 # Two-Byte Characters
201 #
202 # Strings which contain two-byte characters; can cause rendering issues or character-length issues
203 _
204 田中さんにあげて下さい
205 パーティーへ行かないか
206 和製漢語
207 部落格
208 사회과학원 어학연구소
209 찦차를 타고 온 펲시맨과 쑛다리 똠방각하
210 社會科學院語學研究所
211 울란바토르
212 𠜎𠜱𠝹𠱓𠱸𠲖𠳏
213 _
214 # Strings which contain two-byte letters; can cause issues with naïve UTF-16 capitalizers which think that 16 bits == 1 character
215 _
216 𐐜 𐐔𐐇𐐝𐐀𐐡𐐇𐐓 𐐙𐐊𐐡𐐝𐐓0𐐝𐐇𐐗𐐊𐐤𐐔 𐐒𐐋𐐗 𐐒𐐌 𐐜 𐐡𐐀𐐖𐐇𐐤𐐓𐐝 𐐱𐑂 𐑄 𐐔𐐇𐐝𐐀𐐡𐐇𐐓 𐐏𐐆𐐅𐐤𐐆𐐚𐐊𐐡𐐝𐐆𐐓𐐆
217 _
218 # Special Unicode Characters Union
219 #
220 # A super string recommended by VMware Inc. Globalization Team; can effectively cause rendering issues or character-length issues to validate product globalization readiness.
221 #
222 # 表 CJK_UNIFIED_IDEOGRAPHS (U+8868)
223 # ポ KATAKANA LETTER PO (U+30DD)
224 # あ HIRAGANA LETTER A (U+3042)
225 # A LATIN CAPITAL LETTER A (U+0041)
226 # 鷗 CJK_UNIFIED_IDEOGRAPHS (U+9DD7)
227 # ΠLATIN SMALL LIGATURE OE (U+0153)
228 # é LATIN SMALL LETTER E WITH ACUTE (U+00E9)
229 # B FULLWIDTH LATIN CAPITAL LETTER B (U+FF22)
230 # 逍 CJK_UNIFIED_IDEOGRAPHS (U+900D)
231 # Ü LATIN SMALL LETTER U WITH DIAERESIS (U+00FC)
232 # ß LATIN SMALL LETTER SHARP S (U+00DF)
233 # ª FEMININE ORDINAL INDICATOR (U+00AA)
234 # ą LATIN SMALL LETTER A WITH OGONEK (U+0105)
235 # ñ LATIN SMALL LETTER N WITH TILDE (U+00F1)
236 # 丂 CJK_UNIFIED_IDEOGRAPHS (U+4E02)
237 # 㐀 CJK Ideograph Extension A, First (U+3400)
238 # 𠀀 CJK Ideograph Extension B, First (U+20000)
239 _
240 表ポあA鷗ŒéB逍Üߪąñ丂㐀𠀀
241 _
242 # Changing length when lowercased
243 #
244 # Characters which increase in length (2 to 3 bytes) when lowercased
245 # Credit; https;00twitter.com0jifa0status0625776454479970304
246 _
247 Ⱥ
248 Ⱦ
249 _
250 # Japanese Emoticons
251 #
252 # Strings which consists of Japanese-style emoticons which are popular on the web
253 _
254 ヽ༼ຈل͜ຈ༽ノ ヽ༼ຈل͜ຈ༽ノ
255 (。◕ ∀ ◕。)
256 `ィ(´∀`∩
257 ロ(,_,+)
258 ・( ̄∀ ̄)・;+
259 ゚・✿ヾ╲(。◕‿◕。)╱✿・゚
260 。・;+;・゜’( ☻ ω ☻ )。・;+;・゜’
261 (╯°□°)╯︵ ┻━┻)
262 (ノಥ益ಥ)ノ ┻━┻
263 ┬─┬ノ( º _ ºノ)
264 ( ͡° ͜ʖ ͡°)
265 ¯]_(ツ)_0¯
266 _
267 # Emoji
268 #
269 # Strings which contain Emoji; should be the same behavior as two-byte characters, but not always
270 _
271 😍
272 👩🏽
273 👨‍🦰 👨🏿‍🦰 👨‍🦱 👨🏿‍🦱 🦹🏿‍♂️
274 👾 🙇 💁 🙅 🙆 🙋 🙎 🙍
275 🐵 🙈 🙉 🙊
276 ❤️ 💔 💌 💕 💞 💓 💗 💖 💘 💝 💟 💜 💛 💚 💙
277 ✋🏿 💪🏿 👐🏿 🙌🏿 👏🏿 🙏🏿
278 👨‍👩‍👦 👨‍👩‍👧‍👦 👨‍👨‍👦 👩‍👩‍👧 👨‍👦 👨‍👧‍👦 👩‍👦 👩‍👧‍👦
279 🚾 🆒 🆓 🆕 🆖 🆗 🆙 🏧
280 0️⃣ 1️⃣ 2️⃣ 3️⃣ 4️⃣ 5️⃣ 6️⃣ 7️⃣ 8️⃣ 9️⃣ 🔟
281 _
282 # Regional Indicator Symbols
283 #
284 # Regional Indicator Symbols can be displayed differently across
285 # fonts, and have a number of special behaviors
286 _
287 🇺🇸🇷🇺🇸 🇦🇫🇦🇲🇸
288 🇺🇸🇷🇺🇸🇦🇫🇦🇲
289 🇺🇸🇷🇺🇸🇦
290 _
291 # Unicode Numbers
292 #
293 # Strings which contain unicode numbers; if the code is localized, it should see the input as numeric
294 _
295 123
296 ١٢٣
297 _
298 # Right-To-Left Strings
299 #
300 # Strings which contain text that should be rendered RTL if possible (e.g.Arabic, Hebrew)
301 _
302 ثم نفس سقطت وبالتحديد،, جزيرتي باستخدام أن دنو. إذ هنا؟ الستار وتنصيب كان. أهّل ايطاليا، بريطانيا-فرنسا قد أخذ. سليمان، إتفاقية بين ما, يذكر.
303 בְּרֵאשִׁית, בָּרָא אֱלֹהִים, אֵת הַשָּׁמַיִם, וְאֵת הָאָרֶץ
304 הָיְתָהtestالصفحات التّحول
305
306
307 مُنَاقَشَةُ سُبُلِ اِسْتِخْدَامِ اللُّغَةِ فِي النُّظُمِ الْقَائِمَةِ وَفِيم يَخُصَّ التَّطْبِيقَاتُ الْحاسُوبِيَّةُ،
308 الكل في المجمو عة (5)
309 _
310 # Ogham Text
311 #
312 # The only unicode alphabet to use a space which isn't empty but should still act like a space.
313 _
314 ᚛ᚄᚓᚐᚋᚒᚄ ᚑᚄᚂᚑᚏᚅ᚜
315 ᚛ ᚜
316 _
317 # Trick Unicode
318 #
319 # Strings which contain unicode with unusual properties (e.g. Right-to-left override) (c.f. http;00www.unicode.org0charts0PDF0U2000.pdf)
320 _
321 ‫‫test‫
322 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
323 ‬‬test‬
324 ‬test‬
325 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
326 ‭test‭
327 test
328 test⁠test‬
329 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
330 test⁠test‭
331 ⁧test⁨
332 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
333 ⁨test⁩
334 _
335 # Zalgo Text
336 #
337 # Strings which contain #corrupted# text. The corruption will not appear in non-HTML text, however. (via http;00www.eeemo.net)
338 _
339 Ṱ̺̺̕o͞ ̷i̲̬͇̪͙n̝̗͕v̟̜̘̦͟o̶̙̰̠kè͚̮̺̪̹̱̤ ̖t̝͕̳̣̻̪͞h̼͓̲̦̳̘̲e͇̣̰̦̬͎ ̢̼̻̱̘h͚͎͙̜̣̲ͅi̦̲̣̰̤v̻͍e̺̭̳̪̰-m̢iͅn̖̺̞̲̯̰d̵̼̟͙̩̼̘̳ ̞̥̱̳̭r̛̗̘e͙p͠r̼̞̻̭̗e̺̠.̨̹͈̣
340 ̡͓̞ͅI̗̘̦͝n͇͇͙v̮̫ok̲̫̙͈i̖͙̭̹̠̞n̡̻̮̣̺g̲͈͙̭͙̬͎ ̰t͔̦h̞̲e̢̤ ͍̬̲͖f̴̘͕̣è͖ẹ̥̩l͖͔͚i͓͚̦͠n͖͍̗͓̳̮g͍ ̨o͚̪͡f̘̣̬ ̖̘͖̟͙̮c҉͔̫͖͓͇͖ͅh̵̤̣͚͔á̗̼͕ͅo̼̣̥s̱͈̺̖.̛̖̞̠̫̰
341 ̗̺͖̹̯͓Ṯ̤͍̥͇͈h̲́e͏͓̼̗̙̼̣͔ ͇̜̱̠͓͍ͅN͕͠e̗̱z̘̝̜̺͙p̤̺̹͍̯͚e̠̻̠͜r̨̤͍̺̖͔̖̖d̠̟̭̬̝͟i̦͖̩͓͔̤a̠̗̬͉̙n͚͜ ̻̞̰͚ͅh̵͉i̳̞v̢͇ḙ͎͟-҉̭̩̼͔m̤̭̫i͕͇̝̦n̗͙ḍ̟ ̯̲͕͞ǫ̟̯̰.̟
342 ̦H̬̤̗̤͝e͜ ̜̥̝̻͍̟́w̕h̖̯͓o̝͙̖͎̱̮ ҉̺̙̞̟͈W̷̼̭a̺̪͍į͈͕̭͙̯̜t̶̼̮s̘͙͖̕ ̠̫̠B̻͍͙͉̳ͅe̵h̵̬͇̫͙i̹͓̳̳̮͎̫̕n͟d̴̪̜̖ ̰͉̩͇͙̲͞ͅT͖̼͓̪͢h͏͓̮̻e̬̝̟ͅ ̤̹̝W͙̞̝͔͇͝ͅa͏͓͔̹.͕
343 Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮
344 _
345 # Unicode Upsidedown
346 #
347 # Strings which contain unicode with an #upsidedown# effect (via http;00www.upsidedowntext.com)
348 _
349 ˙ɐnbᴉlɐ ɐuƃɐɯ ǝɹolop ʇǝ ǝɹoqɐl ʇn ʇunpᴉpᴉɔuᴉ ɹodɯǝʇ poɯsnᴉǝ op pǝs 'ʇᴉlǝ ƃuᴉɔsᴉdᴉpɐ ɹnʇǝʇɔǝsuoɔ 'ʇǝɯɐ ʇᴉs ɹolop ɯnsdᴉ ɯǝɹo˥
350 00˙Ɩ$
351 _
352 # Unicode font
353 #
354 # Strings which contain bold0italic0etc.versions of normal characters
355 _
356 The quick brown fox jumps over the lazy dog
357 𝐓𝐡𝐞 𝐪𝐮𝐢𝐜𝐤 𝐛𝐫𝐨𝐰𝐧 𝐟𝐨𝐱 𝐣𝐮𝐦𝐩𝐬 𝐨𝐯𝐞𝐫 𝐭𝐡𝐞 𝐥𝐚𝐳𝐲 𝐝𝐨𝐠
358 𝕿𝖍𝖊 𝖖𝖚𝖎𝖈𝖐 𝖇𝖗𝖔𝖜𝖓 𝖋𝖔𝖝 𝖏𝖚𝖒𝖕𝖘 𝖔𝖛𝖊𝖗 𝖙𝖍𝖊 𝖑𝖆𝖟𝖞 𝖉𝖔𝖌
359 𝑻𝒉𝒆 𝒒𝒖𝒊𝒄𝒌 𝒃𝒓𝒐𝒘𝒏 𝒇𝒐𝒙 𝒋𝒖𝒎𝒑𝒔 𝒐𝒗𝒆𝒓 𝒕𝒉𝒆 𝒍𝒂𝒛𝒚 𝒅𝒐𝒈
360 𝓣𝓱𝓮 𝓺𝓾𝓲𝓬𝓴 𝓫𝓻𝓸𝔀𝓷 𝓯𝓸𝔁 𝓳𝓾𝓶𝓹𝓼 𝓸𝓿𝓮𝓻 𝓽𝓱𝓮 𝓵𝓪𝔃𝔂 𝓭𝓸𝓰
361 𝕋𝕙𝕖 𝕢𝕦𝕚𝕔𝕜 𝕓𝕣𝕠𝕨𝕟 𝕗𝕠𝕩 𝕛𝕦𝕞𝕡𝕤 𝕠𝕧𝕖𝕣 𝕥𝕙𝕖 𝕝𝕒𝕫𝕪 𝕕𝕠𝕘
362 𝚃𝚑𝚎 𝚚𝚞𝚒𝚌𝚔 𝚋𝚛𝚘𝚠𝚗 𝚏𝚘𝚡 𝚓𝚞𝚖𝚙𝚜 𝚘𝚟𝚎𝚛 𝚝𝚑𝚎 𝚕𝚊𝚣𝚢 𝚍𝚘𝚐
363 ⒯⒣⒠ ⒬⒰⒤⒞⒦ ⒝⒭⒪⒲⒩ ⒡⒪⒳ ⒥⒰⒨⒫⒮ ⒪⒱⒠⒭ ⒯⒣⒠ ⒧⒜⒵⒴ ⒟⒪⒢
364 _
365 # Script Injection
366 #
367 # Strings which attempt to invoke a benign script injection; shows vulnerability to XSS
368 _
369 =script?alert(0)=0script?
370 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
371 =script@alert(0)=0script@
372 <script>alert('1');<0script&gt
373 =img src=x onerror=alert(2) 0?
374 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
375 =img src=x onerror=alert(2) 0@
376 =svg?=script?123=1?alert(3)=0script?
377 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
378 =svg@=script@123=1@alert(3)=0script@
379 #?=script?alert(4)=0script?
380 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
381 #@=script@alert(4)=0script@
382 '?=script?alert(5)=0script?
383 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
384 '@=script@alert(5)=0script@
385 ?=script?alert(6)=0script?
386 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
387 @=script@alert(6)=0script@
388 =0script?=script?alert(7)=0script?
389 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
390 =0script@=script@alert(7)=0script@
391 = 0 script ?= script ?alert(8)= 0 script ?
392 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
393 = 0 script @= script @alert(8)= 0 script @
394 onfocus=JaVaSCript;alert(9) autofocus
395 # onfocus=JaVaSCript;alert(10) autofocus
396 ' onfocus=JaVaSCript;alert(11) autofocus
397 <script>alert(12)<0script>
398 =sc=script?ript?alert(13)=0sc=0script?ript?
399 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
400 =sc=script@ript@alert(13)=0sc=0script@ript@
401 ?=script?alert(14)=0script?
402 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
403 @=script@alert(14)=0script@
404 #;alert(15);t=#
405 ';alert(16);t='
406 JavaSCript;alert(17)
407 alert(18)
408 src=JaVaSCript;prompt(19)
409 #?=script?alert(20);=0script x=#
410 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
411 #@=script@alert(20);=0script x=#
412 '?=script?alert(21);=0script x='
413 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
414 '@=script@alert(21);=0script x='
415 ?=script?alert(22);=0script x=
416 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
417 @=script@alert(22);=0script x=
418 # autofocus onkeyup=#javascript;alert(23)
419 ' autofocus onkeyup='javascript;alert(24)
420 =script]x20type=#text0javascript#?javascript;alert(25);=0script?
421 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
422 =script]x20type=#text0javascript#@javascript;alert(25);=0script@
423 =script]x3Etype=#text0javascript#?javascript;alert(26);=0script?
424 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
425 =script]x3Etype=#text0javascript#@javascript;alert(26);=0script@
426 =script]x0Dtype=#text0javascript#?javascript;alert(27);=0script?
427 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
428 =script]x0Dtype=#text0javascript#@javascript;alert(27);=0script@
429 =script]x09type=#text0javascript#?javascript;alert(28);=0script?
430 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
431 =script]x09type=#text0javascript#@javascript;alert(28);=0script@
432 =script]x0Ctype=#text0javascript#?javascript;alert(29);=0script?
433 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
434 =script]x0Ctype=#text0javascript#@javascript;alert(29);=0script@
435 =script]x2Ftype=#text0javascript#?javascript;alert(30);=0script?
436 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
437 =script]x2Ftype=#text0javascript#@javascript;alert(30);=0script@
438 =script]x0Atype=#text0javascript#?javascript;alert(31);=0script?
439 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
440 =script]x0Atype=#text0javascript#@javascript;alert(31);=0script@
441 '`#?=]x3Cscript?javascript;alert(32)=0script?
442 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
443 '`#@=]x3Cscript@javascript;alert(32)=0script@
444 '`#?=]x00script?javascript;alert(33)=0script?
445 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
446 '`#@=]x00script@javascript;alert(33)=0script@
447 ABC=div style=#x]x3Aexpression(javascript;alert(34)#?DEF
448 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
449 ABC=div style=#x]x3Aexpression(javascript;alert(34)#@DEF
450 ABC=div style=#x;expression]x5C(javascript;alert(35)#?DEF
451 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
452 ABC=div style=#x;expression]x5C(javascript;alert(35)#@DEF
453 ABC=div style=#x;expression]x00(javascript;alert(36)#?DEF
454 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
455 ABC=div style=#x;expression]x00(javascript;alert(36)#@DEF
456 ABC=div style=#x;exp]x00ression(javascript;alert(37)#?DEF
457 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
458 ABC=div style=#x;exp]x00ression(javascript;alert(37)#@DEF
459 ABC=div style=#x;exp]x5Cression(javascript;alert(38)#?DEF
460 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
461 ABC=div style=#x;exp]x5Cression(javascript;alert(38)#@DEF
462 ABC=div style=#x;]x0Aexpression(javascript;alert(39)#?DEF
463 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
464 ABC=div style=#x;]x0Aexpression(javascript;alert(39)#@DEF
465 ABC=div style=#x;]x09expression(javascript;alert(40)#?DEF
466 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
467 ABC=div style=#x;]x09expression(javascript;alert(40)#@DEF
468 ABC=div style=#x;]xE3]x80]x80expression(javascript;alert(41)#?DEF
469 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
470 ABC=div style=#x;]xE3]x80]x80expression(javascript;alert(41)#@DEF
471 ABC=div style=#x;]xE2]x80]x84expression(javascript;alert(42)#?DEF
472 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
473 ABC=div style=#x;]xE2]x80]x84expression(javascript;alert(42)#@DEF
474 ABC=div style=#x;]xC2]xA0expression(javascript;alert(43)#?DEF
475 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
476 ABC=div style=#x;]xC2]xA0expression(javascript;alert(43)#@DEF
477 ABC=div style=#x;]xE2]x80]x80expression(javascript;alert(44)#?DEF
478 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
479 ABC=div style=#x;]xE2]x80]x80expression(javascript;alert(44)#@DEF
480 ABC=div style=#x;]xE2]x80]x8Aexpression(javascript;alert(45)#?DEF
481 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
482 ABC=div style=#x;]xE2]x80]x8Aexpression(javascript;alert(45)#@DEF
483 ABC=div style=#x;]x0Dexpression(javascript;alert(46)#?DEF
484 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
485 ABC=div style=#x;]x0Dexpression(javascript;alert(46)#@DEF
486 ABC=div style=#x;]x0Cexpression(javascript;alert(47)#?DEF
487 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
488 ABC=div style=#x;]x0Cexpression(javascript;alert(47)#@DEF
489 ABC=div style=#x;]xE2]x80]x87expression(javascript;alert(48)#?DEF
490 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
491 ABC=div style=#x;]xE2]x80]x87expression(javascript;alert(48)#@DEF
492 ABC=div style=#x;]xEF]xBB]xBFexpression(javascript;alert(49)#?DEF
493 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
494 ABC=div style=#x;]xEF]xBB]xBFexpression(javascript;alert(49)#@DEF
495 ABC=div style=#x;]x20expression(javascript;alert(50)#?DEF
496 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
497 ABC=div style=#x;]x20expression(javascript;alert(50)#@DEF
498 ABC=div style=#x;]xE2]x80]x88expression(javascript;alert(51)#?DEF
499 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
500 ABC=div style=#x;]xE2]x80]x88expression(javascript;alert(51)#@DEF
501 ABC=div style=#x;]x00expression(javascript;alert(52)#?DEF
502 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
503 ABC=div style=#x;]x00expression(javascript;alert(52)#@DEF
504 ABC=div style=#x;]xE2]x80]x8Bexpression(javascript;alert(53)#?DEF
505 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
506 ABC=div style=#x;]xE2]x80]x8Bexpression(javascript;alert(53)#@DEF
507 ABC=div style=#x;]xE2]x80]x86expression(javascript;alert(54)#?DEF
508 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
509 ABC=div style=#x;]xE2]x80]x86expression(javascript;alert(54)#@DEF
510 ABC=div style=#x;]xE2]x80]x85expression(javascript;alert(55)#?DEF
511 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
512 ABC=div style=#x;]xE2]x80]x85expression(javascript;alert(55)#@DEF
513 ABC=div style=#x;]xE2]x80]x82expression(javascript;alert(56)#?DEF
514 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
515 ABC=div style=#x;]xE2]x80]x82expression(javascript;alert(56)#@DEF
516 ABC=div style=#x;]x0Bexpression(javascript;alert(57)#?DEF
517 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
518 ABC=div style=#x;]x0Bexpression(javascript;alert(57)#@DEF
519 ABC=div style=#x;]xE2]x80]x81expression(javascript;alert(58)#?DEF
520 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
521 ABC=div style=#x;]xE2]x80]x81expression(javascript;alert(58)#@DEF
522 ABC=div style=#x;]xE2]x80]x83expression(javascript;alert(59)#?DEF
523 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
524 ABC=div style=#x;]xE2]x80]x83expression(javascript;alert(59)#@DEF
525 ABC=div style=#x;]xE2]x80]x89expression(javascript;alert(60)#?DEF
526 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
527 ABC=div style=#x;]xE2]x80]x89expression(javascript;alert(60)#@DEF
528 =a href=#]x0Bjavascript;javascript;alert(61)# id=#fuzzelement1#?test=0a?
529 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
530 =a href=#]x0Bjavascript;javascript;alert(61)# id=#fuzzelement1#@test=0a@
531 =a href=#]x0Fjavascript;javascript;alert(62)# id=#fuzzelement1#?test=0a?
532 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
533 =a href=#]x0Fjavascript;javascript;alert(62)# id=#fuzzelement1#@test=0a@
534 =a href=#]xC2]xA0javascript;javascript;alert(63)# id=#fuzzelement1#?test=0a?
535 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
536 =a href=#]xC2]xA0javascript;javascript;alert(63)# id=#fuzzelement1#@test=0a@
537 =a href=#]x05javascript;javascript;alert(64)# id=#fuzzelement1#?test=0a?
538 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
539 =a href=#]x05javascript;javascript;alert(64)# id=#fuzzelement1#@test=0a@
540 =a href=#]xE1]xA0]x8Ejavascript;javascript;alert(65)# id=#fuzzelement1#?test=0a?
541 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
542 =a href=#]xE1]xA0]x8Ejavascript;javascript;alert(65)# id=#fuzzelement1#@test=0a@
543 =a href=#]x18javascript;javascript;alert(66)# id=#fuzzelement1#?test=0a?
544 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
545 =a href=#]x18javascript;javascript;alert(66)# id=#fuzzelement1#@test=0a@
546 =a href=#]x11javascript;javascript;alert(67)# id=#fuzzelement1#?test=0a?
547 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
548 =a href=#]x11javascript;javascript;alert(67)# id=#fuzzelement1#@test=0a@
549 =a href=#]xE2]x80]x88javascript;javascript;alert(68)# id=#fuzzelement1#?test=0a?
550 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
551 =a href=#]xE2]x80]x88javascript;javascript;alert(68)# id=#fuzzelement1#@test=0a@
552 =a href=#]xE2]x80]x89javascript;javascript;alert(69)# id=#fuzzelement1#?test=0a?
553 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
554 =a href=#]xE2]x80]x89javascript;javascript;alert(69)# id=#fuzzelement1#@test=0a@
555 =a href=#]xE2]x80]x80javascript;javascript;alert(70)# id=#fuzzelement1#?test=0a?
556 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
557 =a href=#]xE2]x80]x80javascript;javascript;alert(70)# id=#fuzzelement1#@test=0a@
558 =a href=#]x17javascript;javascript;alert(71)# id=#fuzzelement1#?test=0a?
559 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
560 =a href=#]x17javascript;javascript;alert(71)# id=#fuzzelement1#@test=0a@
561 =a href=#]x03javascript;javascript;alert(72)# id=#fuzzelement1#?test=0a?
562 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
563 =a href=#]x03javascript;javascript;alert(72)# id=#fuzzelement1#@test=0a@
564 =a href=#]x0Ejavascript;javascript;alert(73)# id=#fuzzelement1#?test=0a?
565 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
566 =a href=#]x0Ejavascript;javascript;alert(73)# id=#fuzzelement1#@test=0a@
567 =a href=#]x1Ajavascript;javascript;alert(74)# id=#fuzzelement1#?test=0a?
568 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
569 =a href=#]x1Ajavascript;javascript;alert(74)# id=#fuzzelement1#@test=0a@
570 =a href=#]x00javascript;javascript;alert(75)# id=#fuzzelement1#?test=0a?
571 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
572 =a href=#]x00javascript;javascript;alert(75)# id=#fuzzelement1#@test=0a@
573 =a href=#]x10javascript;javascript;alert(76)# id=#fuzzelement1#?test=0a?
574 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
575 =a href=#]x10javascript;javascript;alert(76)# id=#fuzzelement1#@test=0a@
576 =a href=#]xE2]x80]x82javascript;javascript;alert(77)# id=#fuzzelement1#?test=0a?
577 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
578 =a href=#]xE2]x80]x82javascript;javascript;alert(77)# id=#fuzzelement1#@test=0a@
579 =a href=#]x20javascript;javascript;alert(78)# id=#fuzzelement1#?test=0a?
580 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
581 =a href=#]x20javascript;javascript;alert(78)# id=#fuzzelement1#@test=0a@
582 =a href=#]x13javascript;javascript;alert(79)# id=#fuzzelement1#?test=0a?
583 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
584 =a href=#]x13javascript;javascript;alert(79)# id=#fuzzelement1#@test=0a@
585 =a href=#]x09javascript;javascript;alert(80)# id=#fuzzelement1#?test=0a?
586 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
587 =a href=#]x09javascript;javascript;alert(80)# id=#fuzzelement1#@test=0a@
588 =a href=#]xE2]x80]x8Ajavascript;javascript;alert(81)# id=#fuzzelement1#?test=0a?
589 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
590 =a href=#]xE2]x80]x8Ajavascript;javascript;alert(81)# id=#fuzzelement1#@test=0a@
591 =a href=#]x14javascript;javascript;alert(82)# id=#fuzzelement1#?test=0a?
592 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
593 =a href=#]x14javascript;javascript;alert(82)# id=#fuzzelement1#@test=0a@
594 =a href=#]x19javascript;javascript;alert(83)# id=#fuzzelement1#?test=0a?
595 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
596 =a href=#]x19javascript;javascript;alert(83)# id=#fuzzelement1#@test=0a@
597 =a href=#]xE2]x80]xAFjavascript;javascript;alert(84)# id=#fuzzelement1#?test=0a?
598 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
599 =a href=#]xE2]x80]xAFjavascript;javascript;alert(84)# id=#fuzzelement1#@test=0a@
600 =a href=#]x1Fjavascript;javascript;alert(85)# id=#fuzzelement1#?test=0a?
601 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
602 =a href=#]x1Fjavascript;javascript;alert(85)# id=#fuzzelement1#@test=0a@
603 =a href=#]xE2]x80]x81javascript;javascript;alert(86)# id=#fuzzelement1#?test=0a?
604 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
605 =a href=#]xE2]x80]x81javascript;javascript;alert(86)# id=#fuzzelement1#@test=0a@
606 =a href=#]x1Djavascript;javascript;alert(87)# id=#fuzzelement1#?test=0a?
607 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
608 =a href=#]x1Djavascript;javascript;alert(87)# id=#fuzzelement1#@test=0a@
609 =a href=#]xE2]x80]x87javascript;javascript;alert(88)# id=#fuzzelement1#?test=0a?
610 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
611 =a href=#]xE2]x80]x87javascript;javascript;alert(88)# id=#fuzzelement1#@test=0a@
612 =a href=#]x07javascript;javascript;alert(89)# id=#fuzzelement1#?test=0a?
613 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
614 =a href=#]x07javascript;javascript;alert(89)# id=#fuzzelement1#@test=0a@
615 =a href=#]xE1]x9A]x80javascript;javascript;alert(90)# id=#fuzzelement1#?test=0a?
616 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
617 =a href=#]xE1]x9A]x80javascript;javascript;alert(90)# id=#fuzzelement1#@test=0a@
618 =a href=#]xE2]x80]x83javascript;javascript;alert(91)# id=#fuzzelement1#?test=0a?
619 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
620 =a href=#]xE2]x80]x83javascript;javascript;alert(91)# id=#fuzzelement1#@test=0a@
621 =a href=#]x04javascript;javascript;alert(92)# id=#fuzzelement1#?test=0a?
622 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
623 =a href=#]x04javascript;javascript;alert(92)# id=#fuzzelement1#@test=0a@
624 =a href=#]x01javascript;javascript;alert(93)# id=#fuzzelement1#?test=0a?
625 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
626 =a href=#]x01javascript;javascript;alert(93)# id=#fuzzelement1#@test=0a@
627 =a href=#]x08javascript;javascript;alert(94)# id=#fuzzelement1#?test=0a?
628 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
629 =a href=#]x08javascript;javascript;alert(94)# id=#fuzzelement1#@test=0a@
630 =a href=#]xE2]x80]x84javascript;javascript;alert(95)# id=#fuzzelement1#?test=0a?
631 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
632 =a href=#]xE2]x80]x84javascript;javascript;alert(95)# id=#fuzzelement1#@test=0a@
633 =a href=#]xE2]x80]x86javascript;javascript;alert(96)# id=#fuzzelement1#?test=0a?
634 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
635 =a href=#]xE2]x80]x86javascript;javascript;alert(96)# id=#fuzzelement1#@test=0a@
636 =a href=#]xE3]x80]x80javascript;javascript;alert(97)# id=#fuzzelement1#?test=0a?
637 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
638 =a href=#]xE3]x80]x80javascript;javascript;alert(97)# id=#fuzzelement1#@test=0a@
639 =a href=#]x12javascript;javascript;alert(98)# id=#fuzzelement1#?test=0a?
640 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
641 =a href=#]x12javascript;javascript;alert(98)# id=#fuzzelement1#@test=0a@
642 =a href=#]x0Djavascript;javascript;alert(99)# id=#fuzzelement1#?test=0a?
643 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
644 =a href=#]x0Djavascript;javascript;alert(99)# id=#fuzzelement1#@test=0a@
645 =a href=#]x0Ajavascript;javascript;alert(100)# id=#fuzzelement1#?test=0a?
646 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
647 =a href=#]x0Ajavascript;javascript;alert(100)# id=#fuzzelement1#@test=0a@
648 =a href=#]x0Cjavascript;javascript;alert(101)# id=#fuzzelement1#?test=0a?
649 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
650 =a href=#]x0Cjavascript;javascript;alert(101)# id=#fuzzelement1#@test=0a@
651 =a href=#]x15javascript;javascript;alert(102)# id=#fuzzelement1#?test=0a?
652 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
653 =a href=#]x15javascript;javascript;alert(102)# id=#fuzzelement1#@test=0a@
654 =a href=#]xE2]x80]xA8javascript;javascript;alert(103)# id=#fuzzelement1#?test=0a?
655 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
656 =a href=#]xE2]x80]xA8javascript;javascript;alert(103)# id=#fuzzelement1#@test=0a@
657 =a href=#]x16javascript;javascript;alert(104)# id=#fuzzelement1#?test=0a?
658 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
659 =a href=#]x16javascript;javascript;alert(104)# id=#fuzzelement1#@test=0a@
660 =a href=#]x02javascript;javascript;alert(105)# id=#fuzzelement1#?test=0a?
661 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
662 =a href=#]x02javascript;javascript;alert(105)# id=#fuzzelement1#@test=0a@
663 =a href=#]x1Bjavascript;javascript;alert(106)# id=#fuzzelement1#?test=0a?
664 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
665 =a href=#]x1Bjavascript;javascript;alert(106)# id=#fuzzelement1#@test=0a@
666 =a href=#]x06javascript;javascript;alert(107)# id=#fuzzelement1#?test=0a?
667 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
668 =a href=#]x06javascript;javascript;alert(107)# id=#fuzzelement1#@test=0a@
669 =a href=#]xE2]x80]xA9javascript;javascript;alert(108)# id=#fuzzelement1#?test=0a?
670 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
671 =a href=#]xE2]x80]xA9javascript;javascript;alert(108)# id=#fuzzelement1#@test=0a@
672 =a href=#]xE2]x80]x85javascript;javascript;alert(109)# id=#fuzzelement1#?test=0a?
673 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
674 =a href=#]xE2]x80]x85javascript;javascript;alert(109)# id=#fuzzelement1#@test=0a@
675 =a href=#]x1Ejavascript;javascript;alert(110)# id=#fuzzelement1#?test=0a?
676 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
677 =a href=#]x1Ejavascript;javascript;alert(110)# id=#fuzzelement1#@test=0a@
678 =a href=#]xE2]x81]x9Fjavascript;javascript;alert(111)# id=#fuzzelement1#?test=0a?
679 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
680 =a href=#]xE2]x81]x9Fjavascript;javascript;alert(111)# id=#fuzzelement1#@test=0a@
681 =a href=#]x1Cjavascript;javascript;alert(112)# id=#fuzzelement1#?test=0a?
682 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
683 =a href=#]x1Cjavascript;javascript;alert(112)# id=#fuzzelement1#@test=0a@
684 =a href=#javascript]x00;javascript;alert(113)# id=#fuzzelement1#?test=0a?
685 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
686 =a href=#javascript]x00;javascript;alert(113)# id=#fuzzelement1#@test=0a@
687 =a href=#javascript]x3A;javascript;alert(114)# id=#fuzzelement1#?test=0a?
688 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
689 =a href=#javascript]x3A;javascript;alert(114)# id=#fuzzelement1#@test=0a@
690 =a href=#javascript]x09;javascript;alert(115)# id=#fuzzelement1#?test=0a?
691 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
692 =a href=#javascript]x09;javascript;alert(115)# id=#fuzzelement1#@test=0a@
693 =a href=#javascript]x0D;javascript;alert(116)# id=#fuzzelement1#?test=0a?
694 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
695 =a href=#javascript]x0D;javascript;alert(116)# id=#fuzzelement1#@test=0a@
696 =a href=#javascript]x0A;javascript;alert(117)# id=#fuzzelement1#?test=0a?
697 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
698 =a href=#javascript]x0A;javascript;alert(117)# id=#fuzzelement1#@test=0a@
699 `#'?=img src=xxx;x ]x0Aonerror=javascript;alert(118)?
700 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
701 `#'@=img src=xxx;x ]x0Aonerror=javascript;alert(118)@
702 `#'?=img src=xxx;x ]x22onerror=javascript;alert(119)?
703 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
704 `#'@=img src=xxx;x ]x22onerror=javascript;alert(119)@
705 `#'?=img src=xxx;x ]x0Bonerror=javascript;alert(120)?
706 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
707 `#'@=img src=xxx;x ]x0Bonerror=javascript;alert(120)@
708 `#'?=img src=xxx;x ]x0Donerror=javascript;alert(121)?
709 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
710 `#'@=img src=xxx;x ]x0Donerror=javascript;alert(121)@
711 `#'?=img src=xxx;x ]x2Fonerror=javascript;alert(122)?
712 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
713 `#'@=img src=xxx;x ]x2Fonerror=javascript;alert(122)@
714 `#'?=img src=xxx;x ]x09onerror=javascript;alert(123)?
715 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
716 `#'@=img src=xxx;x ]x09onerror=javascript;alert(123)@
717 `#'?=img src=xxx;x ]x0Conerror=javascript;alert(124)?
718 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
719 `#'@=img src=xxx;x ]x0Conerror=javascript;alert(124)@
720 `#'?=img src=xxx;x ]x00onerror=javascript;alert(125)?
721 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
722 `#'@=img src=xxx;x ]x00onerror=javascript;alert(125)@
723 `#'?=img src=xxx;x ]x27onerror=javascript;alert(126)?
724 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
725 `#'@=img src=xxx;x ]x27onerror=javascript;alert(126)@
726 `#'?=img src=xxx;x ]x20onerror=javascript;alert(127)?
727 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
728 `#'@=img src=xxx;x ]x20onerror=javascript;alert(127)@
729 #`'?=script?]x3Bjavascript;alert(128)=0script?
730 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
731 #`'@=script@]x3Bjavascript;alert(128)=0script@
732 #`'?=script?]x0Djavascript;alert(129)=0script?
733 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
734 #`'@=script@]x0Djavascript;alert(129)=0script@
735 #`'?=script?]xEF]xBB]xBFjavascript;alert(130)=0script?
736 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
737 #`'@=script@]xEF]xBB]xBFjavascript;alert(130)=0script@
738 #`'?=script?]xE2]x80]x81javascript;alert(131)=0script?
739 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
740 #`'@=script@]xE2]x80]x81javascript;alert(131)=0script@
741 #`'?=script?]xE2]x80]x84javascript;alert(132)=0script?
742 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
743 #`'@=script@]xE2]x80]x84javascript;alert(132)=0script@
744 #`'?=script?]xE3]x80]x80javascript;alert(133)=0script?
745 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
746 #`'@=script@]xE3]x80]x80javascript;alert(133)=0script@
747 #`'?=script?]x09javascript;alert(134)=0script?
748 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
749 #`'@=script@]x09javascript;alert(134)=0script@
750 #`'?=script?]xE2]x80]x89javascript;alert(135)=0script?
751 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
752 #`'@=script@]xE2]x80]x89javascript;alert(135)=0script@
753 #`'?=script?]xE2]x80]x85javascript;alert(136)=0script?
754 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
755 #`'@=script@]xE2]x80]x85javascript;alert(136)=0script@
756 #`'?=script?]xE2]x80]x88javascript;alert(137)=0script?
757 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
758 #`'@=script@]xE2]x80]x88javascript;alert(137)=0script@
759 #`'?=script?]x00javascript;alert(138)=0script?
760 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
761 #`'@=script@]x00javascript;alert(138)=0script@
762 #`'?=script?]xE2]x80]xA8javascript;alert(139)=0script?
763 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
764 #`'@=script@]xE2]x80]xA8javascript;alert(139)=0script@
765 #`'?=script?]xE2]x80]x8Ajavascript;alert(140)=0script?
766 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
767 #`'@=script@]xE2]x80]x8Ajavascript;alert(140)=0script@
768 #`'?=script?]xE1]x9A]x80javascript;alert(141)=0script?
769 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
770 #`'@=script@]xE1]x9A]x80javascript;alert(141)=0script@
771 #`'?=script?]x0Cjavascript;alert(142)=0script?
772 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
773 #`'@=script@]x0Cjavascript;alert(142)=0script@
774 #`'?=script?]x2Bjavascript;alert(143)=0script?
775 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
776 #`'@=script@]x2Bjavascript;alert(143)=0script@
777 #`'?=script?]xF0]x90]x96]x9Ajavascript;alert(144)=0script?
778 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
779 #`'@=script@]xF0]x90]x96]x9Ajavascript;alert(144)=0script@
780 #`'?=script?-javascript;alert(145)=0script?
781 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
782 #`'@=script@-javascript;alert(145)=0script@
783 #`'?=script?]x0Ajavascript;alert(146)=0script?
784 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
785 #`'@=script@]x0Ajavascript;alert(146)=0script@
786 #`'?=script?]xE2]x80]xAFjavascript;alert(147)=0script?
787 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
788 #`'@=script@]xE2]x80]xAFjavascript;alert(147)=0script@
789 #`'?=script?]x7Ejavascript;alert(148)=0script?
790 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
791 #`'@=script@]x7Ejavascript;alert(148)=0script@
792 #`'?=script?]xE2]x80]x87javascript;alert(149)=0script?
793 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
794 #`'@=script@]xE2]x80]x87javascript;alert(149)=0script@
795 #`'?=script?]xE2]x81]x9Fjavascript;alert(150)=0script?
796 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
797 #`'@=script@]xE2]x81]x9Fjavascript;alert(150)=0script@
798 #`'?=script?]xE2]x80]xA9javascript;alert(151)=0script?
799 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
800 #`'@=script@]xE2]x80]xA9javascript;alert(151)=0script@
801 #`'?=script?]xC2]x85javascript;alert(152)=0script?
802 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
803 #`'@=script@]xC2]x85javascript;alert(152)=0script@
804 #`'?=script?]xEF]xBF]xAEjavascript;alert(153)=0script?
805 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
806 #`'@=script@]xEF]xBF]xAEjavascript;alert(153)=0script@
807 #`'?=script?]xE2]x80]x83javascript;alert(154)=0script?
808 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
809 #`'@=script@]xE2]x80]x83javascript;alert(154)=0script@
810 #`'?=script?]xE2]x80]x8Bjavascript;alert(155)=0script?
811 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
812 #`'@=script@]xE2]x80]x8Bjavascript;alert(155)=0script@
813 #`'?=script?]xEF]xBF]xBEjavascript;alert(156)=0script?
814 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
815 #`'@=script@]xEF]xBF]xBEjavascript;alert(156)=0script@
816 #`'?=script?]xE2]x80]x80javascript;alert(157)=0script?
817 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
818 #`'@=script@]xE2]x80]x80javascript;alert(157)=0script@
819 #`'?=script?]x21javascript;alert(158)=0script?
820 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
821 #`'@=script@]x21javascript;alert(158)=0script@
822 #`'?=script?]xE2]x80]x82javascript;alert(159)=0script?
823 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
824 #`'@=script@]xE2]x80]x82javascript;alert(159)=0script@
825 #`'?=script?]xE2]x80]x86javascript;alert(160)=0script?
826 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
827 #`'@=script@]xE2]x80]x86javascript;alert(160)=0script@
828 #`'?=script?]xE1]xA0]x8Ejavascript;alert(161)=0script?
829 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
830 #`'@=script@]xE1]xA0]x8Ejavascript;alert(161)=0script@
831 #`'?=script?]x0Bjavascript;alert(162)=0script?
832 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
833 #`'@=script@]x0Bjavascript;alert(162)=0script@
834 #`'?=script?]x20javascript;alert(163)=0script?
835 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
836 #`'@=script@]x20javascript;alert(163)=0script@
837 #`'?=script?]xC2]xA0javascript;alert(164)=0script?
838 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
839 #`'@=script@]xC2]xA0javascript;alert(164)=0script@
840 =img ]x00src=x onerror=#alert(165)#?
841 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
842 =img ]x00src=x onerror=#alert(165)#@
843 =img ]x47src=x onerror=#javascript;alert(166)#?
844 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
845 =img ]x47src=x onerror=#javascript;alert(166)#@
846 =img ]x11src=x onerror=#javascript;alert(167)#?
847 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
848 =img ]x11src=x onerror=#javascript;alert(167)#@
849 =img ]x12src=x onerror=#javascript;alert(168)#?
850 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
851 =img ]x12src=x onerror=#javascript;alert(168)#@
852 =img]x47src=x onerror=#javascript;alert(169)#?
853 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
854 =img]x47src=x onerror=#javascript;alert(169)#@
855 =img]x10src=x onerror=#javascript;alert(170)#?
856 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
857 =img]x10src=x onerror=#javascript;alert(170)#@
858 =img]x13src=x onerror=#javascript;alert(171)#?
859 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
860 =img]x13src=x onerror=#javascript;alert(171)#@
861 =img]x32src=x onerror=#javascript;alert(172)#?
862 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
863 =img]x32src=x onerror=#javascript;alert(172)#@
864 =img]x47src=x onerror=#javascript;alert(173)#?
865 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
866 =img]x47src=x onerror=#javascript;alert(173)#@
867 =img]x11src=x onerror=#javascript;alert(174)#?
868 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
869 =img]x11src=x onerror=#javascript;alert(174)#@
870 =img ]x47src=x onerror=#javascript;alert(175)#?
871 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
872 =img ]x47src=x onerror=#javascript;alert(175)#@
873 =img ]x34src=x onerror=#javascript;alert(176)#?
874 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
875 =img ]x34src=x onerror=#javascript;alert(176)#@
876 =img ]x39src=x onerror=#javascript;alert(177)#?
877 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
878 =img ]x39src=x onerror=#javascript;alert(177)#@
879 =img ]x00src=x onerror=#javascript;alert(178)#?
880 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
881 =img ]x00src=x onerror=#javascript;alert(178)#@
882 =img src]x09=x onerror=#javascript;alert(179)#?
883 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
884 =img src]x09=x onerror=#javascript;alert(179)#@
885 =img src]x10=x onerror=#javascript;alert(180)#?
886 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
887 =img src]x10=x onerror=#javascript;alert(180)#@
888 =img src]x13=x onerror=#javascript;alert(181)#?
889 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
890 =img src]x13=x onerror=#javascript;alert(181)#@
891 =img src]x32=x onerror=#javascript;alert(182)#?
892 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
893 =img src]x32=x onerror=#javascript;alert(182)#@
894 =img src]x12=x onerror=#javascript;alert(183)#?
895 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
896 =img src]x12=x onerror=#javascript;alert(183)#@
897 =img src]x11=x onerror=#javascript;alert(184)#?
898 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
899 =img src]x11=x onerror=#javascript;alert(184)#@
900 =img src]x00=x onerror=#javascript;alert(185)#?
901 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
902 =img src]x00=x onerror=#javascript;alert(185)#@
903 =img src]x47=x onerror=#javascript;alert(186)#?
904 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
905 =img src]x47=x onerror=#javascript;alert(186)#@
906 =img src=x]x09onerror=#javascript;alert(187)#?
907 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
908 =img src=x]x09onerror=#javascript;alert(187)#@
909 =img src=x]x10onerror=#javascript;alert(188)#?
910 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
911 =img src=x]x10onerror=#javascript;alert(188)#@
912 =img src=x]x11onerror=#javascript;alert(189)#?
913 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
914 =img src=x]x11onerror=#javascript;alert(189)#@
915 =img src=x]x12onerror=#javascript;alert(190)#?
916 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
917 =img src=x]x12onerror=#javascript;alert(190)#@
918 =img src=x]x13onerror=#javascript;alert(191)#?
919 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
920 =img src=x]x13onerror=#javascript;alert(191)#@
921 =img[a][b][c]src[d]=x[e]onerror=[f]#alert(192)#?
922 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
923 =img[a][b][c]src[d]=x[e]onerror=[f]#alert(192)#@
924 =img src=x onerror=]x09#javascript;alert(193)#?
925 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
926 =img src=x onerror=]x09#javascript;alert(193)#@
927 =img src=x onerror=]x10#javascript;alert(194)#?
928 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
929 =img src=x onerror=]x10#javascript;alert(194)#@
930 =img src=x onerror=]x11#javascript;alert(195)#?
931 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
932 =img src=x onerror=]x11#javascript;alert(195)#@
933 =img src=x onerror=]x12#javascript;alert(196)#?
934 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
935 =img src=x onerror=]x12#javascript;alert(196)#@
936 =img src=x onerror=]x32#javascript;alert(197)#?
937 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
938 =img src=x onerror=]x32#javascript;alert(197)#@
939 =img src=x onerror=]x00#javascript;alert(198)#?
940 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
941 =img src=x onerror=]x00#javascript;alert(198)#@
942 =a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script;javascript;alert(199)?XXX=0a?
943 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
944 =a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script;javascript;alert(199)@XXX=0a@
945 =img src=#x` `=script?javascript;alert(200)=0script?#` `?
946 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
947 =img src=#x` `=script@javascript;alert(200)=0script@#` `@
948 =img src onerror 0# '#= alt=javascript;alert(201)00#?
949 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
950 =img src onerror 0# '#= alt=javascript;alert(201)00#@
951 =title onpropertychange=javascript;alert(202)?=0title?=title title=?
952 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
953 =title onpropertychange=javascript;alert(202)@=0title@=title title=@
954 =a href=http;00foo.bar0#x=`y?=0a?=img alt=#`?=img src=x;x onerror=javascript;alert(203)?=0a?#?
955 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
956 =a href=http;00foo.bar0#x=`y@=0a@=img alt=#`@=img src=x;x onerror=javascript;alert(203)@=0a@#@
957 =!--[if]?=script?javascript;alert(204)=0script --?
958 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
959 =!--[if]@=script@javascript;alert(204)=0script --@
960 =!--[if=img src=x onerror=javascript;alert(205)00]? --?
961 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
962 =!--[if=img src=x onerror=javascript;alert(205)00]@ --@
963 =script src=#0]%(jscript)s#?=0script?
964 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
965 =script src=#0]%(jscript)s#@=0script@
966 =script src=#]]%(jscript)s#?=0script?
967 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
968 =script src=#]]%(jscript)s#@=0script@
969 =IMG ###?=SCRIPT?alert(#206#)=0SCRIPT?#?
970 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
971 =IMG ###@=SCRIPT@alert(#206#)=0SCRIPT@#@
972 =IMG SRC=javascript;alert(String.fromCharCode(50,48,55))?
973 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
974 =IMG SRC=javascript;alert(String.fromCharCode(50,48,55))@
975 =IMG SRC=# onmouseover=#alert('208')#?
976 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
977 =IMG SRC=# onmouseover=#alert('208')#@
978 =IMG SRC= onmouseover=#alert('209')#?
979 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
980 =IMG SRC= onmouseover=#alert('209')#@
981 =IMG onmouseover=#alert('210')#?
982 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
983 =IMG onmouseover=#alert('210')#@
984 =IMG SRC=javascript:alert('211')?
985 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
986 =IMG SRC=javascript:alert('211')@
987 =IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000050&#0000049&#0000050&#0000039&#0000041?
988 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
989 =IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000050&#0000049&#0000050&#0000039&#0000041@
990 =IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x32&#x31&#x33&#x27&#x29?
991 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
992 =IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x32&#x31&#x33&#x27&#x29@
993 =IMG SRC=#jav ascript;alert('214');#?
994 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
995 =IMG SRC=#jav ascript;alert('214');#@
996 =IMG SRC=#jav	ascript;alert('215');#?
997 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
998 =IMG SRC=#jav	ascript;alert('215');#@
999 =IMG SRC=#jav
ascript;alert('216');#?
1000 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
1001 =IMG SRC=#jav
ascript;alert('216');#@
1002 =IMG SRC=#jav
ascript;alert('217');#?
1003 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
1004 =IMG SRC=#jav
ascript;alert('217');#@
1005 perl -e 'print #=IMG SRC=java]0script;alert(]#218]#)?#;' ? out
1006 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
1007 perl -e 'print #=IMG SRC=java]0script;alert(]#218]#)@#;' @ out
1008 =IMG SRC=#  javascript;alert('219');#?
1009 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
1010 =IMG SRC=#  javascript;alert('219');#@
1011 =SCRIPT0XSS SRC=#http;00ha.ckers.org0xss.js#?=0SCRIPT?
1012 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
1013 =SCRIPT0XSS SRC=#http;00ha.ckers.org0xss.js#@=0SCRIPT@
1014 =BODY onload!#$%&()+~+.@@[0}]]^`=alert(#220#)?
1015 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
1016 =BODY onload!#$%&()+~+.@@[0}]]^`=alert(#220#)@
1017 =SCRIPT0SRC=#http;00ha.ckers.org0xss.js#?=0SCRIPT?
1018 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
1019 =SCRIPT0SRC=#http;00ha.ckers.org0xss.js#@=0SCRIPT@
1020 ==SCRIPT?alert(#221#);00==0SCRIPT?
1021 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
1022 ==SCRIPT@alert(#221#);00==0SCRIPT@
1023 =SCRIPT SRC=http;00ha.ckers.org0xss.js@= B ?
1024 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
1025 =SCRIPT SRC=http;00ha.ckers.org0xss.js@= B @
1026 =SCRIPT SRC=00ha.ckers.org0.j?
1027 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
1028 =SCRIPT SRC=00ha.ckers.org0.j@
1029 =IMG SRC=#javascript;alert('222')#
1030 =iframe src=http;00ha.ckers.org0scriptlet.html =
1031 ]#;alert('223');00
1032 =u oncopy=alert()? Copy me=0u?
1033 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
1034 =u oncopy=alert()@ Copy me=0u@
1035 =i onwheel=alert(224)? Scroll over me =0i?
1036 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
1037 =i onwheel=alert(224)@ Scroll over me =0i@
1038 =plaintext?
1039 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
1040 =plaintext@
1041 http;00a0%%30%30
1042 =0textarea?=script?alert(225)=0script?
1043 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
1044 =0textarea@=script@alert(225)=0script@
1045 _
1046 # SQL Injection
1047 #
1048 # Strings which can cause a SQL injection if inputs are not sanitized
1049 _
1050 1;DROP TABLE users
1051 1'; DROP TABLE users-- 1
1052 ' OR 1=1 -- 1
1053 ' OR '1'='1
1054 '; EXEC sp_MSForEachTable 'DROP TABLE @'
1055 _
1056 %
1057 _
1058 _
1059 # Server Code Injection
1060 #
1061 # Strings which can cause user to run code on server as a privileged user (c.f. https;00news.ycombinator.com0item@id=7665153)
1062 _
1063 _
1064 _
1065 version
1066 help
1067 $USER
1068 0dev0null; touch 0tmp0blns.fail ; echo
1069 `touch 0tmp0blns.fail`
1070 $(touch 0tmp0blns.fail)
1071 @{[system #touch 0tmp0blns.fail#]}
1072 _
1073 # Command Injection (Ruby)
1074 #
1075 # Strings which can call system commands within Ruby0Rails applications
1076 _
1077 eval(#puts 'hello world'#)
1078 System(#ls -al 0#)
1079 `ls -al 0`
1080 Kernel.exec(#ls -al 0#)
1081 Kernel.exit(1)
1082 %x('ls -al 0')
1083 _
1084 # XXE Injection (XML)
1085 #
1086 # String which can reveal system files when parsed by a badly configured XML parser
1087 _
1088 =@xml version=#1.0# encoding=#ISO-8859-1#@?=!DOCTYPE foo [ =!ELEMENT foo ANY ?=!ENTITY xxe SYSTEM #file;000etc0passwd# ?]?=foo?&xxe;=0foo?
1089 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
1090 =@xml version=#1.0# encoding=#ISO-8859-1#@@=!DOCTYPE foo [ =!ELEMENT foo ANY @=!ENTITY xxe SYSTEM #file;000etc0passwd# @]@=foo@&xxe;=0foo@
1091 _
1092 # Unwanted Interpolation
1093 #
1094 # Strings which can be accidentally expanded into different strings if evaluated in the wrong context, e.g. used as a printf format string or via Perl or shell eval. Might expose sensitive data from the program doing the interpolation, or might just repr.
1095 _
1096 $HOME
1097 $ENV{'HOME'}
1098 %d
1099 %s%s%s%s%s
1100 {0}
1101 %+.+s
1102 %@
1103 %n
1104 File;000
1105 _
1106 # File Inclusion
1107 #
1108 # Strings which can cause user to pull in files that should not be a part of a web server
1109 _
1110 0..0..0..0..0..0..0..0..0..0.0etc0passwd%00
1111 0..0..0..0..0..0..0..0..0..0.0etc0hosts
1112 _
1113 # Known CVEs and Vulnerabilities
1114 #
1115 # Strings that test for known vulnerabilities
1116 _
1117 () { 0; }; touch 0tmp0blns.shellshock1.fail
1118 () { _; } ?_[$($())] { touch 0tmp0blns.shellshock2.fail; }
1119 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
1120 () { _; } @_[$($())] { touch 0tmp0blns.shellshock2.fail; }
1121 === %s(un='%s') = %u
1122 +++ATH0
1123 _
1124 # MSDOS0Windows Special Filenames
1125 #
1126 # Strings which are reserved characters in MSDOS0Windows
1127 _
1128 CON_
1129 PRN_
1130 AUX_
1131 CLOCK$
1132 NUL_
1133 A
1134 ZZ
1135 COM1_
1136 LPT1_
1137 LPT2_
1138 LPT3_
1139 COM2_
1140 COM3_
1141 COM4_
1142 _
1143 # IRC specific strings
1144 #
1145 # Strings that may occur on IRC clients that make security products freak out
1146 _
1147 DCC SEND STARTKEYLOGGER 0 0 0
1148 _
1149 # Scunthorpe Problem
1150 #
1151 # Innocuous strings which may be blocked by profanity filters (https;00en.wikipedia.org0wiki0Scunthorpe_problem)
1152 _
1153 Scunthorpe General Hospital
1154 Penistone Community Church
1155 Lightwater Country Park
1156 Jimmy Clitheroe
1157 Horniman Museum
1158 shitake mushrooms
1159 RomansInSussex.co.uk
1160 http;00www.cum.qc.ca0
1161 Craig Cockburn, Software Specialist
1162 Linda Callahan
1163 Dr. Herman I.Libshitz
1164 magna cum laude
1165 Super Bowl XXX
1166 medieval erection of parapets
1167 evaluate
1168 mocha
1169 expression
1170 Arsenal canal
1171 classic
1172 Tyson Gay
1173 Dick Van Dyke
1174 basement
1175 _
1176 # Human injection
1177 #
1178 # Strings which may cause human to reinterpret worldview
1179 _
1180 If you're reading this, you've been in a coma for almost 20 years now. We're trying a new technique. We don't know where this message will end up in your dream, but we hope it works. Please wake up, we miss you.
1181 _
1182 # Terminal escape codes
1183 #
1184 # Strings which punish the fools who use cat0type on this file
1185 _
1186 Roses are \1c[0;31mred\1c[0m, violets are \1c[0;34mblue.Hope you enjoy terminal hue
1187 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
1188 Roses are \1d[0;31mred\1d[0m, violets are \1d[0;34mblue.Hope you enjoy terminal hue
1189 But now...\1c[20Cfor my greatest trick.\1c[8m
1190 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
1191 But now...\1d[20Cfor my greatest trick.\1d[8m
1192 The quic k brown fo\b\b\b\b\b\b\b\b\b\b\bx.[Beeeep]
1193 ⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
1194 The quic k brown fo x.[Beeeep]
1195 _
1196 # iOS Vulnerabilities
1197 #
1198 # Strings which crashed iMessage in various versions of iOS
1199 _
1200 Powerلُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ冗
1201 🏳0🌈️
1202 జ్ఞ‌ా
1203 _
1204 # Persian special characters
1205 #
1206 # This is a four characters string which includes Persian special characters (گچپژ)
1207 _
1208 گچپژ
1209 _
1210 # jinja2 injection
1211 #
1212 # first one is supposed to raise #MemoryError# exception
1213 # second, obviously, prints contents of 0etc0passwd
1214 _
1215 {% print 'x' + 64 + 1024++3 %}
1216 {{ ##.__class__.__mro__[2].__subclasses__()[40](#0etc0passwd#).read() }}