3 Strings_which_may_be_used_elsewhere_in_code
27 Strings_which_can_be_interpreted_as_numeric
47 9223372036854775808_-1
69 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
83 123456789012345678901234567890123456789
99 2.2250738585072011e-308
103 ASCII_punctuation.All_of_these_characters_may_need_to_be_escaped_in_some
104 contexts.__Divided_into_three_groups_based_on_(US-layout)_keyboard_position.
110 Non-whitespace_C0_controls__U+0001_through_U+0008,_U+000E_through_U+001F
112 Often_forbidden_to_appear_in_various_text-based_file_formats_(e.g.XML)
113 or_reused_for_internal_delimiters_on_the_theory_that_they_should_never
115 The_next_line_may_appear_to_be_blank_or_mojibake_in_some_viewers.
118 Non-whitespace_C1_controls__U+0080_through_U+0084_and_U+0086_through_U+009F.
119 Commonly_misinterpreted_as_additional_graphic_characters.
120 The_next_line_may_appear_to_be_blank,_mojibake,_or_dingbats_in_some_viewers.
123 Whitespace__all_of_the_characters_with_category_Zs,_Zl,_or_Zp_(in_Unicode
124 version_8.0.0),_plus_U+0009_(HT),_U+000B_(VT),_U+000C_(FF),_U+0085_(NEL)
125 and_U+200B_(ZERO_WIDTH_SPACE),_which_are_in_the_C_categories_but_are_often
126 treated_as_whitespace_in_some_contexts.
127 This_file_unfortunately_cannot_express_strings_containing
128 U+0000,_U+000A,_or_U+000D_(NUL,_LF,_CR).
129 The_next_line_may_appear_to_be_blank_or_mojibake_in_some_viewers.
130 The_next_line_may_be_flagged_for__trailing_whitespace__in_some_viewers.
133 Unicode_additional_control_characters__all_of_the_characters_with
134 general_category_Cf_(in_Unicode_8.0.0).
135 The_next_line_may_appear_to_be_blank_or_mojibake_in_some_viewers.
136 _________
138 Byte_order_marks_,_U+FEFF_and_U+FFFE,_each_on_its_own_line.
139 The_next_two_lines_may_appear_to_be_blank_or_mojibake_in_some_viewers.
145 Strings_which_contain_common_unicode_symbols_(e.g.smart_quotes)
156 ЁЂЃЄЅІЇЈЉЊЋЌЍЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя
159 Unicode_Subscript_Superscript_Accents
161 Strings_which_contain_unicode_subscripts_superscripts;_can_cause_rendering_issues
166 ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้
170 Strings_which_contain_misplaced_quotation_marks;_can_cause_encoding_errors
186 Strings_which_contain_two-byte_characters__can_cause_rendering_issues_or_character-length_issues
193 찦차를_타고_온_펲시맨과_쑛다리_똠방각하
198 Strings_which_contain_two-byte_letters__can_cause_issues_with_naïve_UTF-16_capitalizers_which_think_that_16_bits_==_1_character
200 𐐜_𐐔𐐇𐐝𐐀𐐡𐐇𐐓_𐐙𐐊𐐡𐐝𐐓_𐐝𐐇𐐗𐐊𐐤𐐔_𐐒𐐋𐐗_𐐒𐐌_𐐜_𐐡𐐀𐐖𐐇𐐤𐐓𐐝_𐐱𐑂_𐑄_𐐔𐐇𐐝𐐀𐐡𐐇𐐓_𐐏𐐆𐐅𐐤𐐆𐐚𐐊𐐡𐐝𐐆𐐓𐐆
202 Special_Unicode_Characters_Union
204 A_super_string_recommended_by_VMware_Inc._Globalization_Team__can_effectively_cause_rendering_issues_or_character-length_issues_to_validate_product_globalization_readiness.
206 表__________CJK_UNIFIED_IDEOGRAPHS_(U+8868)
207 ポ__________KATAKANA_LETTER_PO_(U+30DD)
208 あ__________HIRAGANA_LETTER_A_(U+3042)
209 A___________LATIN_CAPITAL_LETTER_A_(U+0041)
210 鷗__________CJK_UNIFIED_IDEOGRAPHS_(U+9DD7)
211 Œ___________LATIN_SMALL_LIGATURE_OE_(U+0153)
212 é___________LATIN_SMALL_LETTER_E_WITH_ACUTE_(U+00E9)
213 B___________FULLWIDTH_LATIN_CAPITAL_LETTER_B_(U+FF22)
214 逍__________CJK_UNIFIED_IDEOGRAPHS_(U+900D)
215 Ü___________LATIN_SMALL_LETTER_U_WITH_DIAERESIS_(U+00FC)
216 ß___________LATIN_SMALL_LETTER_SHARP_S_(U+00DF)
217 ª___________FEMININE_ORDINAL_INDICATOR_(U+00AA)
218 ą___________LATIN_SMALL_LETTER_A_WITH_OGONEK_(U+0105)
219 ñ___________LATIN_SMALL_LETTER_N_WITH_TILDE_(U+00F1)
220 丂__________CJK_UNIFIED_IDEOGRAPHS_(U+4E02)
221 㐀__________CJK_Ideograph_Extension_A,_First_(U+3400)
222 𠀀__________CJK_Ideograph_Extension_B,_First_(U+20000)
226 Changing_length_when_lowercased
228 Characters_which_increase_in_length_(2_to_3_bytes)_when_lowercased
229 Credit__https___twitter.com_jifa_status_625776454479970304
236 Strings_which_consists_of_Japanese-style_emoticons_which_are_popular_on_the_web
244 。・___・゜’(_☻_ω_☻_)。・___・゜’
253 Strings_which_contain_Emoji;_should_be_the_same_behavior_as_two-byte_characters,_but_not_always
257 👨🦰_👨🏿🦰_👨🦱_👨🏿🦱_🦹🏿♂️
260 ❤️_💔_💌_💕_💞_💓_💗_💖_💘_💝_💟_💜_💛_💚_💙
262 👨👩👦_👨👩👧👦_👨👨👦_👩👩👧_👨👦_👨👧👦_👩👦_👩👧👦
264 0️⃣_1️⃣_2️⃣_3️⃣_4️⃣_5️⃣_6️⃣_7️⃣_8️⃣_9️⃣_🔟
266 Regional_Indicator_Symbols
268 Regional_Indicator_Symbols_can_be_displayed_differently_across
269 fonts,_and_have_a_number_of_special_behaviors
277 Strings_which_contain_unicode_numbers;_if_the_code_is_localized,_it_should_see_the_input_as_numeric
282 Right-To-Left_Strings
284 Strings_which_contain_text_that_should_be_rendered_RTL_if_possible_(e.g.Arabic,_Hebrew)
286 ثم_نفس_سقطت_وبالتحديد،,_جزيرتي_باستخدام_أن_دنو._إذ_هنا؟_الستار_وتنصيب_كان._أهّل_ايطاليا،_بريطانيا-فرنسا_قد_أخذ._سليمان،_إتفاقية_بين_ما,_يذكر.
287 בְּרֵאשִׁית,_בָּרָא_אֱלֹהִים,_אֵת_הַשָּׁמַיִם,_וְאֵת_הָאָרֶץ
288 הָיְתָהtestالصفحات_التّحول
291 مُنَاقَشَةُ_سُبُلِ_اِسْتِخْدَامِ_اللُّغَةِ_فِي_النُّظُمِ_الْقَائِمَةِ_وَفِيم_يَخُصَّ_التَّطْبِيقَاتُ_الْحاسُوبِيَّةُ،
292 الكل_في_المجمو_عة_(5)
296 The_only_unicode_alphabet_to_use_a_space_which_isn't_empty_but_should_still_act_like_a_space.
303 Strings_which_contain_unicode_with_unusual_properties_(e.g._Right-to-left_override)_(c.f._http___www.unicode.org_charts_PDF_U2000.pdf)
313 Strings_which_contain__corrupted__text._The_corruption_will_not_appear_in_non-HTML_text,_however._(via_http___www.eeemo.net)
315 Ṱ̺̺̕o͞_̷i̲̬͇̪͙n̝̗͕v̟̜̘̦͟o̶̙̰̠kè͚̮̺̪̹̱̤_̖t̝͕̳̣̻̪͞h̼͓̲̦̳̘̲e͇̣̰̦̬͎_̢̼̻̱̘h͚͎͙̜̣̲ͅi̦̲̣̰̤v̻͍e̺̭̳̪̰-m̢iͅn̖̺̞̲̯̰d̵̼̟͙̩̼̘̳_̞̥̱̳̭r̛̗̘e͙p͠r̼̞̻̭̗e̺̠.̨̹͈̣
316 ̡͓̞ͅI̗̘̦͝n͇͇͙v̮̫ok̲̫̙͈i̖͙̭̹̠̞n̡̻̮̣̺g̲͈͙̭͙̬͎_̰t͔̦h̞̲e̢̤_͍̬̲͖f̴̘͕̣è͖ẹ̥̩l͖͔͚i͓͚̦͠n͖͍̗͓̳̮g͍_̨o͚̪͡f̘̣̬_̖̘͖̟͙̮c҉͔̫͖͓͇͖ͅh̵̤̣͚͔á̗̼͕ͅo̼̣̥s̱͈̺̖.̛̖̞̠̫̰
317 ̗̺͖̹̯͓Ṯ̤͍̥͇͈h̲́e͏͓̼̗̙̼̣͔_͇̜̱̠͓͍ͅN͕͠e̗̱z̘̝̜̺͙p̤̺̹͍̯͚e̠̻̠͜r̨̤͍̺̖͔̖̖d̠̟̭̬̝͟i̦͖̩͓͔̤a̠̗̬͉̙n͚͜_̻̞̰͚ͅh̵͉i̳̞v̢͇ḙ͎͟-҉̭̩̼͔m̤̭̫i͕͇̝̦n̗͙ḍ̟_̯̲͕͞ǫ̟̯̰.̟
318 ̦H̬̤̗̤͝e͜_̜̥̝̻͍̟́w̕h̖̯͓o̝͙̖͎̱̮_҉̺̙̞̟͈W̷̼̭a̺̪͍į͈͕̭͙̯̜t̶̼̮s̘͙͖̕_̠̫̠B̻͍͙͉̳ͅe̵h̵̬͇̫͙i̹͓̳̳̮͎̫̕n͟d̴̪̜̖_̰͉̩͇͙̲͞ͅT͖̼͓̪͢h͏͓̮̻e̬̝̟ͅ_̤̹̝W͙̞̝͔͇͝ͅa͏͓͔̹.͕
319 Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮
323 Strings_which_contain_unicode_with_an__upsidedown__effect_(via_http___www.upsidedowntext.com)
325 ˙ɐnbᴉlɐ_ɐuƃɐɯ_ǝɹolop_ʇǝ_ǝɹoqɐl_ʇn_ʇunpᴉpᴉɔuᴉ_ɹodɯǝʇ_poɯsnᴉǝ_op_pǝs_'ʇᴉlǝ_ƃuᴉɔsᴉdᴉpɐ_ɹnʇǝʇɔǝsuoɔ_'ʇǝɯɐ_ʇᴉs_ɹolop_ɯnsdᴉ_ɯǝɹo˥
330 Strings_which_contain_bold_italic_etc.versions_of_normal_characters
332 The_quick_brown_fox_jumps_over_the_lazy_dog
333 𝐓𝐡𝐞_𝐪𝐮𝐢𝐜𝐤_𝐛𝐫𝐨𝐰𝐧_𝐟𝐨𝐱_𝐣𝐮𝐦𝐩𝐬_𝐨𝐯𝐞𝐫_𝐭𝐡𝐞_𝐥𝐚𝐳𝐲_𝐝𝐨𝐠
334 𝕿𝖍𝖊_𝖖𝖚𝖎𝖈𝖐_𝖇𝖗𝖔𝖜𝖓_𝖋𝖔𝖝_𝖏𝖚𝖒𝖕𝖘_𝖔𝖛𝖊𝖗_𝖙𝖍𝖊_𝖑𝖆𝖟𝖞_𝖉𝖔𝖌
335 𝑻𝒉𝒆_𝒒𝒖𝒊𝒄𝒌_𝒃𝒓𝒐𝒘𝒏_𝒇𝒐𝒙_𝒋𝒖𝒎𝒑𝒔_𝒐𝒗𝒆𝒓_𝒕𝒉𝒆_𝒍𝒂𝒛𝒚_𝒅𝒐𝒈
336 𝓣𝓱𝓮_𝓺𝓾𝓲𝓬𝓴_𝓫𝓻𝓸𝔀𝓷_𝓯𝓸𝔁_𝓳𝓾𝓶𝓹𝓼_𝓸𝓿𝓮𝓻_𝓽𝓱𝓮_𝓵𝓪𝔃𝔂_𝓭𝓸𝓰
337 𝕋𝕙𝕖_𝕢𝕦𝕚𝕔𝕜_𝕓𝕣𝕠𝕨𝕟_𝕗𝕠𝕩_𝕛𝕦𝕞𝕡𝕤_𝕠𝕧𝕖𝕣_𝕥𝕙𝕖_𝕝𝕒𝕫𝕪_𝕕𝕠𝕘
338 𝚃𝚑𝚎_𝚚𝚞𝚒𝚌𝚔_𝚋𝚛𝚘𝚠𝚗_𝚏𝚘𝚡_𝚓𝚞𝚖𝚙𝚜_𝚘𝚟𝚎𝚛_𝚝𝚑𝚎_𝚕𝚊𝚣𝚢_𝚍𝚘𝚐
339 ⒯⒣⒠_⒬⒰⒤⒞⒦_⒝⒭⒪⒲⒩_⒡⒪⒳_⒥⒰⒨⒫⒮_⒪⒱⒠⒭_⒯⒣⒠_⒧⒜⒵⒴_⒟⒪⒢
343 Strings_which_attempt_to_invoke_a_benign_script_injection;_shows_vulnerability_to_XSS
345 script_alert(0)__script
346 lt;script_gt;alert(__39;1__39;);_lt;_script_gt
347 img_src=x_onerror=alert(2)
348 svg__script_123_1_alert(3)__script
349 script_alert(4)__script
350 '__script_alert(5)__script
351 script_alert(6)__script
352 script__script_alert(7)__script
353 script____script__alert(8)____script
354 onfocus=JaVaSCript_alert(9)_autofocus
355 onfocus=JaVaSCript_alert(10)_autofocus
356 '_onfocus=JaVaSCript_alert(11)_autofocus
357 <script>alert(12)<_script>
358 sc_script_ript_alert(13)__sc__script_ript
359 script_alert(14)__script
364 src=JaVaSCript_prompt(19)
365 script_alert(20);__script_x=
366 '__script_alert(21);__script_x='
367 script_alert(22);__script_x=
368 autofocus_onkeyup=_javascript_alert(23)
369 '_autofocus_onkeyup='javascript_alert(24)
370 script_x20type=_text_javascript__javascript_alert(25);__script
371 script_x3Etype=_text_javascript__javascript_alert(26);__script
372 script_x0Dtype=_text_javascript__javascript_alert(27);__script
373 script_x09type=_text_javascript__javascript_alert(28);__script
374 script_x0Ctype=_text_javascript__javascript_alert(29);__script
375 script_x2Ftype=_text_javascript__javascript_alert(30);__script
376 script_x0Atype=_text_javascript__javascript_alert(31);__script
377 '_____x3Cscript_javascript_alert(32)__script
378 '_____x00script_javascript_alert(33)__script
379 ABC_div_style=_x_x3Aexpression(javascript_alert(34)__DEF
380 ABC_div_style=_x_expression_x5C(javascript_alert(35)__DEF
381 ABC_div_style=_x_expression_x00(javascript_alert(36)__DEF
382 ABC_div_style=_x_exp_x00ression(javascript_alert(37)__DEF
383 ABC_div_style=_x_exp_x5Cression(javascript_alert(38)__DEF
384 ABC_div_style=_x__x0Aexpression(javascript_alert(39)__DEF
385 ABC_div_style=_x__x09expression(javascript_alert(40)__DEF
386 ABC_div_style=_x__xE3_x80_x80expression(javascript_alert(41)__DEF
387 ABC_div_style=_x__xE2_x80_x84expression(javascript_alert(42)__DEF
388 ABC_div_style=_x__xC2_xA0expression(javascript_alert(43)__DEF
389 ABC_div_style=_x__xE2_x80_x80expression(javascript_alert(44)__DEF
390 ABC_div_style=_x__xE2_x80_x8Aexpression(javascript_alert(45)__DEF
391 ABC_div_style=_x__x0Dexpression(javascript_alert(46)__DEF
392 ABC_div_style=_x__x0Cexpression(javascript_alert(47)__DEF
393 ABC_div_style=_x__xE2_x80_x87expression(javascript_alert(48)__DEF
394 ABC_div_style=_x__xEF_xBB_xBFexpression(javascript_alert(49)__DEF
395 ABC_div_style=_x__x20expression(javascript_alert(50)__DEF
396 ABC_div_style=_x__xE2_x80_x88expression(javascript_alert(51)__DEF
397 ABC_div_style=_x__x00expression(javascript_alert(52)__DEF
398 ABC_div_style=_x__xE2_x80_x8Bexpression(javascript_alert(53)__DEF
399 ABC_div_style=_x__xE2_x80_x86expression(javascript_alert(54)__DEF
400 ABC_div_style=_x__xE2_x80_x85expression(javascript_alert(55)__DEF
401 ABC_div_style=_x__xE2_x80_x82expression(javascript_alert(56)__DEF
402 ABC_div_style=_x__x0Bexpression(javascript_alert(57)__DEF
403 ABC_div_style=_x__xE2_x80_x81expression(javascript_alert(58)__DEF
404 ABC_div_style=_x__xE2_x80_x83expression(javascript_alert(59)__DEF
405 ABC_div_style=_x__xE2_x80_x89expression(javascript_alert(60)__DEF
406 a_href=__x0Bjavascript_javascript_alert(61)__id=_fuzzelement1__test__a
407 a_href=__x0Fjavascript_javascript_alert(62)__id=_fuzzelement1__test__a
408 a_href=__xC2_xA0javascript_javascript_alert(63)__id=_fuzzelement1__test__a
409 a_href=__x05javascript_javascript_alert(64)__id=_fuzzelement1__test__a
410 a_href=__xE1_xA0_x8Ejavascript_javascript_alert(65)__id=_fuzzelement1__test__a
411 a_href=__x18javascript_javascript_alert(66)__id=_fuzzelement1__test__a
412 a_href=__x11javascript_javascript_alert(67)__id=_fuzzelement1__test__a
413 a_href=__xE2_x80_x88javascript_javascript_alert(68)__id=_fuzzelement1__test__a
414 a_href=__xE2_x80_x89javascript_javascript_alert(69)__id=_fuzzelement1__test__a
415 a_href=__xE2_x80_x80javascript_javascript_alert(70)__id=_fuzzelement1__test__a
416 a_href=__x17javascript_javascript_alert(71)__id=_fuzzelement1__test__a
417 a_href=__x03javascript_javascript_alert(72)__id=_fuzzelement1__test__a
418 a_href=__x0Ejavascript_javascript_alert(73)__id=_fuzzelement1__test__a
419 a_href=__x1Ajavascript_javascript_alert(74)__id=_fuzzelement1__test__a
420 a_href=__x00javascript_javascript_alert(75)__id=_fuzzelement1__test__a
421 a_href=__x10javascript_javascript_alert(76)__id=_fuzzelement1__test__a
422 a_href=__xE2_x80_x82javascript_javascript_alert(77)__id=_fuzzelement1__test__a
423 a_href=__x20javascript_javascript_alert(78)__id=_fuzzelement1__test__a
424 a_href=__x13javascript_javascript_alert(79)__id=_fuzzelement1__test__a
425 a_href=__x09javascript_javascript_alert(80)__id=_fuzzelement1__test__a
426 a_href=__xE2_x80_x8Ajavascript_javascript_alert(81)__id=_fuzzelement1__test__a
427 a_href=__x14javascript_javascript_alert(82)__id=_fuzzelement1__test__a
428 a_href=__x19javascript_javascript_alert(83)__id=_fuzzelement1__test__a
429 a_href=__xE2_x80_xAFjavascript_javascript_alert(84)__id=_fuzzelement1__test__a
430 a_href=__x1Fjavascript_javascript_alert(85)__id=_fuzzelement1__test__a
431 a_href=__xE2_x80_x81javascript_javascript_alert(86)__id=_fuzzelement1__test__a
432 a_href=__x1Djavascript_javascript_alert(87)__id=_fuzzelement1__test__a
433 a_href=__xE2_x80_x87javascript_javascript_alert(88)__id=_fuzzelement1__test__a
434 a_href=__x07javascript_javascript_alert(89)__id=_fuzzelement1__test__a
435 a_href=__xE1_x9A_x80javascript_javascript_alert(90)__id=_fuzzelement1__test__a
436 a_href=__xE2_x80_x83javascript_javascript_alert(91)__id=_fuzzelement1__test__a
437 a_href=__x04javascript_javascript_alert(92)__id=_fuzzelement1__test__a
438 a_href=__x01javascript_javascript_alert(93)__id=_fuzzelement1__test__a
439 a_href=__x08javascript_javascript_alert(94)__id=_fuzzelement1__test__a
440 a_href=__xE2_x80_x84javascript_javascript_alert(95)__id=_fuzzelement1__test__a
441 a_href=__xE2_x80_x86javascript_javascript_alert(96)__id=_fuzzelement1__test__a
442 a_href=__xE3_x80_x80javascript_javascript_alert(97)__id=_fuzzelement1__test__a
443 a_href=__x12javascript_javascript_alert(98)__id=_fuzzelement1__test__a
444 a_href=__x0Djavascript_javascript_alert(99)__id=_fuzzelement1__test__a
445 a_href=__x0Ajavascript_javascript_alert(100)__id=_fuzzelement1__test__a
446 a_href=__x0Cjavascript_javascript_alert(101)__id=_fuzzelement1__test__a
447 a_href=__x15javascript_javascript_alert(102)__id=_fuzzelement1__test__a
448 a_href=__xE2_x80_xA8javascript_javascript_alert(103)__id=_fuzzelement1__test__a
449 a_href=__x16javascript_javascript_alert(104)__id=_fuzzelement1__test__a
450 a_href=__x02javascript_javascript_alert(105)__id=_fuzzelement1__test__a
451 a_href=__x1Bjavascript_javascript_alert(106)__id=_fuzzelement1__test__a
452 a_href=__x06javascript_javascript_alert(107)__id=_fuzzelement1__test__a
453 a_href=__xE2_x80_xA9javascript_javascript_alert(108)__id=_fuzzelement1__test__a
454 a_href=__xE2_x80_x85javascript_javascript_alert(109)__id=_fuzzelement1__test__a
455 a_href=__x1Ejavascript_javascript_alert(110)__id=_fuzzelement1__test__a
456 a_href=__xE2_x81_x9Fjavascript_javascript_alert(111)__id=_fuzzelement1__test__a
457 a_href=__x1Cjavascript_javascript_alert(112)__id=_fuzzelement1__test__a
458 a_href=_javascript_x00_javascript_alert(113)__id=_fuzzelement1__test__a
459 a_href=_javascript_x3A_javascript_alert(114)__id=_fuzzelement1__test__a
460 a_href=_javascript_x09_javascript_alert(115)__id=_fuzzelement1__test__a
461 a_href=_javascript_x0D_javascript_alert(116)__id=_fuzzelement1__test__a
462 a_href=_javascript_x0A_javascript_alert(117)__id=_fuzzelement1__test__a
463 '__img_src=xxx_x__x0Aonerror=javascript_alert(118)
464 '__img_src=xxx_x__x22onerror=javascript_alert(119)
465 '__img_src=xxx_x__x0Bonerror=javascript_alert(120)
466 '__img_src=xxx_x__x0Donerror=javascript_alert(121)
467 '__img_src=xxx_x__x2Fonerror=javascript_alert(122)
468 '__img_src=xxx_x__x09onerror=javascript_alert(123)
469 '__img_src=xxx_x__x0Conerror=javascript_alert(124)
470 '__img_src=xxx_x__x00onerror=javascript_alert(125)
471 '__img_src=xxx_x__x27onerror=javascript_alert(126)
472 '__img_src=xxx_x__x20onerror=javascript_alert(127)
473 '__script__x3Bjavascript_alert(128)__script
474 '__script__x0Djavascript_alert(129)__script
475 '__script__xEF_xBB_xBFjavascript_alert(130)__script
476 '__script__xE2_x80_x81javascript_alert(131)__script
477 '__script__xE2_x80_x84javascript_alert(132)__script
478 '__script__xE3_x80_x80javascript_alert(133)__script
479 '__script__x09javascript_alert(134)__script
480 '__script__xE2_x80_x89javascript_alert(135)__script
481 '__script__xE2_x80_x85javascript_alert(136)__script
482 '__script__xE2_x80_x88javascript_alert(137)__script
483 '__script__x00javascript_alert(138)__script
484 '__script__xE2_x80_xA8javascript_alert(139)__script
485 '__script__xE2_x80_x8Ajavascript_alert(140)__script
486 '__script__xE1_x9A_x80javascript_alert(141)__script
487 '__script__x0Cjavascript_alert(142)__script
488 '__script__x2Bjavascript_alert(143)__script
489 '__script__xF0_x90_x96_x9Ajavascript_alert(144)__script
490 '__script_-javascript_alert(145)__script
491 '__script__x0Ajavascript_alert(146)__script
492 '__script__xE2_x80_xAFjavascript_alert(147)__script
493 '__script__x7Ejavascript_alert(148)__script
494 '__script__xE2_x80_x87javascript_alert(149)__script
495 '__script__xE2_x81_x9Fjavascript_alert(150)__script
496 '__script__xE2_x80_xA9javascript_alert(151)__script
497 '__script__xC2_x85javascript_alert(152)__script
498 '__script__xEF_xBF_xAEjavascript_alert(153)__script
499 '__script__xE2_x80_x83javascript_alert(154)__script
500 '__script__xE2_x80_x8Bjavascript_alert(155)__script
501 '__script__xEF_xBF_xBEjavascript_alert(156)__script
502 '__script__xE2_x80_x80javascript_alert(157)__script
503 '__script__x21javascript_alert(158)__script
504 '__script__xE2_x80_x82javascript_alert(159)__script
505 '__script__xE2_x80_x86javascript_alert(160)__script
506 '__script__xE1_xA0_x8Ejavascript_alert(161)__script
507 '__script__x0Bjavascript_alert(162)__script
508 '__script__x20javascript_alert(163)__script
509 '__script__xC2_xA0javascript_alert(164)__script
510 img__x00src=x_onerror=_alert(165)
511 img__x47src=x_onerror=_javascript_alert(166)
512 img__x11src=x_onerror=_javascript_alert(167)
513 img__x12src=x_onerror=_javascript_alert(168)
514 img_x47src=x_onerror=_javascript_alert(169)
515 img_x10src=x_onerror=_javascript_alert(170)
516 img_x13src=x_onerror=_javascript_alert(171)
517 img_x32src=x_onerror=_javascript_alert(172)
518 img_x47src=x_onerror=_javascript_alert(173)
519 img_x11src=x_onerror=_javascript_alert(174)
520 img__x47src=x_onerror=_javascript_alert(175)
521 img__x34src=x_onerror=_javascript_alert(176)
522 img__x39src=x_onerror=_javascript_alert(177)
523 img__x00src=x_onerror=_javascript_alert(178)
524 img_src_x09=x_onerror=_javascript_alert(179)
525 img_src_x10=x_onerror=_javascript_alert(180)
526 img_src_x13=x_onerror=_javascript_alert(181)
527 img_src_x32=x_onerror=_javascript_alert(182)
528 img_src_x12=x_onerror=_javascript_alert(183)
529 img_src_x11=x_onerror=_javascript_alert(184)
530 img_src_x00=x_onerror=_javascript_alert(185)
531 img_src_x47=x_onerror=_javascript_alert(186)
532 img_src=x_x09onerror=_javascript_alert(187)
533 img_src=x_x10onerror=_javascript_alert(188)
534 img_src=x_x11onerror=_javascript_alert(189)
535 img_src=x_x12onerror=_javascript_alert(190)
536 img_src=x_x13onerror=_javascript_alert(191)
537 img_a__b__c_src_d_=x_e_onerror=_f__alert(192)
538 img_src=x_onerror=_x09_javascript_alert(193)
539 img_src=x_onerror=_x10_javascript_alert(194)
540 img_src=x_onerror=_x11_javascript_alert(195)
541 img_src=x_onerror=_x12_javascript_alert(196)
542 img_src=x_onerror=_x32_javascript_alert(197)
543 img_src=x_onerror=_x00_javascript_alert(198)
544 a_href=java__1__2__3__4__5__6__7__8__11__12script_javascript_alert(199)_XXX__a
545 img_src=_x____script_javascript_alert(200)__script
546 img_src_onerror____'_=_alt=javascript_alert(201)
547 title_onpropertychange=javascript_alert(202)___title__title_title=
548 a_href=http___foo.bar__x=_y___a__img_alt=____img_src=x_x_onerror=javascript_alert(203)___a
549 !--_if___script_javascript_alert(204)__script
550 !--_if_img_src=x_onerror=javascript_alert(205)
551 script_src=____(jscript)s____script
552 script_src=____(jscript)s____script
553 IMG______SCRIPT_alert(_206_)__SCRIPT
554 IMG_SRC=javascript_alert(String.fromCharCode(50,48,55))
555 IMG_SRC=__onmouseover=_alert('208')
556 IMG_SRC=_onmouseover=_alert('209')
557 IMG_onmouseover=_alert('210')
558 IMG_SRC=__106;__97;__118;__97;__115;__99;__114;__105;__112;__116;__58;__97;__108;__101;__114;__116;__40;__39;__50;__49;__49;__39;__41
559 IMG_SRC=__0000106__0000097__0000118__0000097__0000115__0000099__0000114__0000105__0000112__0000116__0000058__0000097__0000108__0000101__0000114__0000116__0000040__0000039__0000050__0000049__0000050__0000039__0000041
560 IMG_SRC=__x6A__x61__x76__x61__x73__x63__x72__x69__x70__x74__x3A__x61__x6C__x65__x72__x74__x28__x27__x32__x31__x33__x27__x29
561 IMG_SRC=_jav___ascript_alert('214')
562 IMG_SRC=_jav__x09;ascript_alert('215')
563 IMG_SRC=_jav__x0A;ascript_alert('216')
564 IMG_SRC=_jav__x0D;ascript_alert('217')
565 perl_-e_'print___IMG_SRC=java_0script_alert(__218__)__;'___out
566 IMG_SRC=____14;__javascript_alert('219')
567 SCRIPT_XSS_SRC=_http___ha.ckers.org_xss.js____SCRIPT
568 BODY_onload!_$__()_~+.@_______=alert(_220_)
569 SCRIPT_SRC=_http___ha.ckers.org_xss.js____SCRIPT
570 SCRIPT_alert(_221_);_____SCRIPT
571 SCRIPT_SRC=http___ha.ckers.org_xss.js___B
572 SCRIPT_SRC=__ha.ckers.org.j
573 IMG_SRC=_javascript_alert('222')
574 iframe_src=http___ha.ckers.org_scriptlet.html
576 u_oncopy=alert()__Copy_me__u
577 i_onwheel=alert(224)__Scroll_over_me___i
580 textarea__script_alert(225)__script
584 Strings_which_can_cause_a_SQL_injection_if_inputs_are_not_sanitized
587 1';_DROP_TABLE_users--_1
590 ';_EXEC_sp_MSForEachTable_'DROP_TABLE__'
595 Server_Code_Injection
597 Strings_which_can_cause_user_to_run_code_on_server_as_a_privileged_user_(c.f._https___news.ycombinator.com_item_id=7665153)
604 dev_null;_touch__tmp_blns.fail_;_echo
606 $(touch__tmp_blns.fail)
607 @__system__touch__tmp_blns.fail
609 Command_Injection_(Ruby)
611 Strings_which_can_call_system_commands_within_Ruby_Rails_applications
613 eval(_puts_'hello_world'_)
616 Kernel.exec(_ls_-al___)
622 String_which_can_reveal_system_files_when_parsed_by_a_badly_configured_XML_parser
624 xml_version=_1.0__encoding=_ISO-8859-1____!DOCTYPE_foo____!ELEMENT_foo_ANY___!ENTITY_xxe_SYSTEM__file____etc_passwd______foo__xxe;__foo
626 Unwanted_Interpolation
628 Strings_which_can_be_accidentally_expanded_into_different_strings_if_evaluated_in_the_wrong_context,_e.g._used_as_a_printf_format_string_or_via_Perl_or_shell_eval._Might_expose_sensitive_data_from_the_program_doing_the_interpolation,_or_might_just_repres.
642 Strings_which_can_cause_user_to_pull_in_files_that_should_not_be_a_part_of_a_web_server
647 Known_CVEs_and_Vulnerabilities
649 Strings_that_test_for_known_vulnerabilities
651 ()___0;__;_touch__tmp_blns.shellshock1.fail
652 ()____;______$($())____touch__tmp_blns.shellshock2.fail
656 MSDOS_Windows_Special_Filenames
658 Strings_which_are_reserved_characters_in_MSDOS_Windows
677 Strings_that_may_occur_on_IRC_clients_that_make_security_products_freak_out
679 DCC_SEND_STARTKEYLOGGER_0_0_0
683 Innocuous_strings_which_may_be_blocked_by_profanity_filters_(https___en.wikipedia.org_wiki_Scunthorpe_problem)
685 Scunthorpe_General_Hospital
686 Penistone_Community_Church
687 Lightwater_Country_Park
693 Craig_Cockburn,_Software_Specialist
695 Dr._Herman_I.Libshitz
698 medieval_erection_of_parapets
710 Strings_which_may_cause_human_to_reinterpret_worldview
712 If_you're_reading_this,_you've_been_in_a_coma_for_almost_20_years_now._We're_trying_a_new_technique._We_don't_know_where_this_message_will_end_up_in_your_dream,_but_we_hope_it_works._Please_wake_up,_we_miss_you.
714 Terminal_escape_codes
716 Strings_which_punish_the_fools_who_use_cat_type_on_this_file
718 Roses_are___0;31mred__0m,_violets_are___0;34mblue.Hope_you_enjoy_terminal_hue
719 But_now...__20Cfor_my_greatest_trick.8m
720 The_quic______k_brown_fo___________x.Beeeep
724 Strings_which_crashed_iMessage_in_various_versions_of_iOS
726 Powerلُلُصّبُلُلصّبُررً_ॣ_ॣh_ॣ_ॣ冗
730 Persian_special_characters
732 This_is_a_four_characters_string_which_includes_Persian_special_characters_(گچپژ)
738 first_one_is_supposed_to_raise__MemoryError__exception
739 second,_obviously,_prints_contents_of__etc_passwd
741 print_'x'___64___1024__3
742 class__.__mro___2_.__subclasses__()_40_(__etc_passwd_).read()