Reserved_Strings
_
Strings_which_may_be_used_elsewhere_in_code
_
undefined
undef
null
NULL
(null)
nil
NIL
true
false
True
False
TRUE
FALSE
None
hasOwnProperty
then
constructor
_
_
_
Numeric_Strings
_
Strings_which_can_be_interpreted_as_numeric
_
0
1
1.00
$1.00
1_2
1E2
1E02
1E+02
1
1.00
$1.00
1_2
1E2
1E02
1E+02
1_0
0_0
2147483648_-1
9223372036854775808_-1
0
0.0
+0
+0.0
0.00
0.0
_
0.0.0
0,00
0,,0
_
0,0,0
0.0_0
1.0_0.0
0.0_0.0
1,0_0,0
0,0_0,0
1
_
_
_
999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
NaN
Infinity
Infinity
INF
1_INF
1_IND
1_QNAN
1_SNAN
1_IND
0x0
0xffffffff
0xffffffffffffffff
0xabad1dea
123456789012345678901234567890123456789
1,000.00
1_000.00
1'000.00
1,000,000.00
1_000_000.00
1'000'000.00
1.000,00
1_000,00
1'000,00
1.000.000,00
1_000_000,00
1'000'000,00
01000
08
09
2.2250738585072011e-308
_
Special_Characters
_
ASCII_punctuation.All_of_these_characters_may_need_to_be_escaped_in_some
contexts.__Divided_into_three_groups_based_on_(US-layout)_keyboard_position.
_
.'___-=
+
!@_$____()_~
_
Non-whitespace_C0_controls__U+0001_through_U+0008,_U+000E_through_U+001F
and_U+007F_(DEL)
Often_forbidden_to_appear_in_various_text-based_file_formats_(e.g.XML)
or_reused_for_internal_delimiters_on_the_theory_that_they_should_never
appear_in_input.
The_next_line_may_appear_to_be_blank_or_mojibake_in_some_viewers.
_
_
Non-whitespace_C1_controls__U+0080_through_U+0084_and_U+0086_through_U+009F.
Commonly_misinterpreted_as_additional_graphic_characters.
The_next_line_may_appear_to_be_blank,_mojibake,_or_dingbats_in_some_viewers.
_
_
Whitespace__all_of_the_characters_with_category_Zs,_Zl,_or_Zp_(in_Unicode
version_8.0.0),_plus_U+0009_(HT),_U+000B_(VT),_U+000C_(FF),_U+0085_(NEL)
and_U+200B_(ZERO_WIDTH_SPACE),_which_are_in_the_C_categories_but_are_often
treated_as_whitespace_in_some_contexts.
This_file_unfortunately_cannot_express_strings_containing
U+0000,_U+000A,_or_U+000D_(NUL,_LF,_CR).
The_next_line_may_appear_to_be_blank_or_mojibake_in_some_viewers.
The_next_line_may_be_flagged_for__trailing_whitespace__in_some_viewers.
​
_
Unicode_additional_control_characters__all_of_the_characters_with
general_category_Cf_(in_Unicode_8.0.0).
The_next_line_may_appear_to_be_blank_or_mojibake_in_some_viewers.
­؀؁؂؃؄؅؜۝܏᠎​‌‍‎‏_____⁠⁡⁢⁣⁤____⁪⁫⁬⁭⁮⁯﻿￹￺￻𑂽𛲠𛲡𛲢𛲣𝅳𝅴𝅵𝅶𝅷𝅸𝅹𝅺󠀁󠀠󠀡󠀢󠀣󠀤󠀥󠀦󠀧󠀨󠀩󠀪󠀫󠀬󠀭󠀮󠀯󠀰󠀱󠀲󠀳󠀴󠀵󠀶󠀷󠀸󠀹
_
Byte_order_marks_,_U+FEFF_and_U+FFFE,_each_on_its_own_line.
The_next_two_lines_may_appear_to_be_blank_or_mojibake_in_some_viewers.
﻿
_
_
Unicode_Symbols
_
Strings_which_contain_common_unicode_symbols_(e.g.smart_quotes)
_
Ω≈ç√∫˜µ≤≥÷
åß∂ƒ©˙∆˚¬…æ
œ∑´®†¥¨ˆøπ“‘
¡™£¢∞§¶•ªº–≠
¸˛Ç◊ı˜Â¯˘¿
ÅÍÎÏ˝ÓÔÒÚÆ☃
Œ„´‰ˇÁ¨ˆØ∏”’
⁄€‹›ﬁﬂ‡°·‚—±
⅛⅜⅝⅞
ЁЂЃЄЅІЇЈЉЊЋЌЍЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя
٠١٢٣٤٥٦٧٨٩
_
Unicode_Subscript_Superscript_Accents
_
Strings_which_contain_unicode_subscripts_superscripts;_can_cause_rendering_issues
_
⁰⁴⁵
₀₁₂
⁰⁴⁵₀₁₂
ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้
_
Quotation_Marks
_
Strings_which_contain_misplaced_quotation_marks;_can_cause_encoding_errors
_
'
_
''
_
'_'
''''_'
'_'_''''
foo_val=“bar”
foo_val=“bar”
foo_val=”bar“
foo_val=_bar'
_
Two-Byte_Characters
_
Strings_which_contain_two-byte_characters__can_cause_rendering_issues_or_character-length_issues
_
田中さんにあげて下さい
パーティーへ行かないか
和製漢語
部落格
사회과학원_어학연구소
찦차를_타고_온_펲시맨과_쑛다리_똠방각하
社會科學院語學研究所
울란바토르
𠜎𠜱𠝹𠱓𠱸𠲖𠳏
_
Strings_which_contain_two-byte_letters__can_cause_issues_with_naïve_UTF-16_capitalizers_which_think_that_16_bits_==_1_character
_
𐐜_𐐔𐐇𐐝𐐀𐐡𐐇𐐓_𐐙𐐊𐐡𐐝𐐓_𐐝𐐇𐐗𐐊𐐤𐐔_𐐒𐐋𐐗_𐐒𐐌_𐐜_𐐡𐐀𐐖𐐇𐐤𐐓𐐝_𐐱𐑂_𐑄_𐐔𐐇𐐝𐐀𐐡𐐇𐐓_𐐏𐐆𐐅𐐤𐐆𐐚𐐊𐐡𐐝𐐆𐐓𐐆
_
Special_Unicode_Characters_Union
_
A_super_string_recommended_by_VMware_Inc._Globalization_Team__can_effectively_cause_rendering_issues_or_character-length_issues_to_validate_product_globalization_readiness.
_
表__________CJK_UNIFIED_IDEOGRAPHS_(U+8868)
ポ__________KATAKANA_LETTER_PO_(U+30DD)
あ__________HIRAGANA_LETTER_A_(U+3042)
A___________LATIN_CAPITAL_LETTER_A_(U+0041)
鷗__________CJK_UNIFIED_IDEOGRAPHS_(U+9DD7)
Œ___________LATIN_SMALL_LIGATURE_OE_(U+0153)
é___________LATIN_SMALL_LETTER_E_WITH_ACUTE_(U+00E9)
Ｂ___________FULLWIDTH_LATIN_CAPITAL_LETTER_B_(U+FF22)
逍__________CJK_UNIFIED_IDEOGRAPHS_(U+900D)
Ü___________LATIN_SMALL_LETTER_U_WITH_DIAERESIS_(U+00FC)
ß___________LATIN_SMALL_LETTER_SHARP_S_(U+00DF)
ª___________FEMININE_ORDINAL_INDICATOR_(U+00AA)
ą___________LATIN_SMALL_LETTER_A_WITH_OGONEK_(U+0105)
ñ___________LATIN_SMALL_LETTER_N_WITH_TILDE_(U+00F1)
丂__________CJK_UNIFIED_IDEOGRAPHS_(U+4E02)
㐀__________CJK_Ideograph_Extension_A,_First_(U+3400)
𠀀__________CJK_Ideograph_Extension_B,_First_(U+20000)
_
表ポあA鷗ŒéＢ逍Üßªąñ丂㐀𠀀
_
Changing_length_when_lowercased
_
Characters_which_increase_in_length_(2_to_3_bytes)_when_lowercased
Credit__https___twitter.com_jifa_status_625776454479970304
_
Ⱥ
Ⱦ
_
Japanese_Emoticons
_
Strings_which_consists_of_Japanese-style_emoticons_which_are_popular_on_the_web
_
ヽ༼ຈل͜ຈ༽ﾉ_ヽ༼ຈل͜ຈ༽ﾉ
(｡◕_∀_◕｡)
｀ｨ(´∀｀∩
ﾛ(,_,_)
・(￣∀￣)・
ﾟ･✿ヾ╲(｡◕‿◕｡)╱✿･ﾟ
。・___・゜’(_☻_ω_☻_)。・___・゜’
(╯°□°）╯︵_┻━┻)
(ﾉಥ益ಥ）ﾉ﻿_┻━┻
┬─┬ノ(_º___ºノ)
(_͡°_͜ʖ_͡°)
¯__(ツ)__¯
_
Emoji
_
Strings_which_contain_Emoji;_should_be_the_same_behavior_as_two-byte_characters,_but_not_always
_
😍
👩🏽
👨‍🦰_👨🏿‍🦰_👨‍🦱_👨🏿‍🦱_🦹🏿‍♂️
👾_🙇_💁_🙅_🙆_🙋_🙎_🙍
🐵_🙈_🙉_🙊
❤️_💔_💌_💕_💞_💓_💗_💖_💘_💝_💟_💜_💛_💚_💙
✋🏿_💪🏿_👐🏿_🙌🏿_👏🏿_🙏🏿
👨‍👩‍👦_👨‍👩‍👧‍👦_👨‍👨‍👦_👩‍👩‍👧_👨‍👦_👨‍👧‍👦_👩‍👦_👩‍👧‍👦
🚾_🆒_🆓_🆕_🆖_🆗_🆙_🏧
0️⃣_1️⃣_2️⃣_3️⃣_4️⃣_5️⃣_6️⃣_7️⃣_8️⃣_9️⃣_🔟
_
Regional_Indicator_Symbols
_
Regional_Indicator_Symbols_can_be_displayed_differently_across
fonts,_and_have_a_number_of_special_behaviors
_
🇺🇸🇷🇺🇸_🇦🇫🇦🇲🇸
🇺🇸🇷🇺🇸🇦🇫🇦🇲
🇺🇸🇷🇺🇸🇦
_
Unicode_Numbers
_
Strings_which_contain_unicode_numbers;_if_the_code_is_localized,_it_should_see_the_input_as_numeric
_
１２３
١٢٣
_
Right-To-Left_Strings
_
Strings_which_contain_text_that_should_be_rendered_RTL_if_possible_(e.g.Arabic,_Hebrew)
_
ثم_نفس_سقطت_وبالتحديد،,_جزيرتي_باستخدام_أن_دنو._إذ_هنا؟_الستار_وتنصيب_كان._أهّل_ايطاليا،_بريطانيا-فرنسا_قد_أخذ._سليمان،_إتفاقية_بين_ما,_يذكر.
בְּרֵאשִׁית,_בָּרָא_אֱלֹהִים,_אֵת_הַשָּׁמַיִם,_וְאֵת_הָאָרֶץ
הָיְתָהtestالصفحات_التّحول
﷽
ﷺ
مُنَاقَشَةُ_سُبُلِ_اِسْتِخْدَامِ_اللُّغَةِ_فِي_النُّظُمِ_الْقَائِمَةِ_وَفِيم_يَخُصَّ_التَّطْبِيقَاتُ_الْحاسُوبِيَّةُ،
الكل_في_المجمو_عة_(5)
_
Ogham_Text
_
The_only_unicode_alphabet_to_use_a_space_which_isn't_empty_but_should_still_act_like_a_space.
_
᚛ᚄᚓᚐᚋᚒᚄ_ᚑᚄᚂᚑᚏᚅ᚜
᚛_________________᚜
_
Trick_Unicode
_
Strings_which_contain_unicode_with_unusual_properties_(e.g._Right-to-left_override)_(c.f._http___www.unicode.org_charts_PDF_U2000.pdf)
_
test
test
test
test⁠test
test
_
Zalgo_Text
_
Strings_which_contain__corrupted__text._The_corruption_will_not_appear_in_non-HTML_text,_however._(via_http___www.eeemo.net)
_
Ṱ̺̺̕o͞_̷i̲̬͇̪͙n̝̗͕v̟̜̘̦͟o̶̙̰̠kè͚̮̺̪̹̱̤_̖t̝͕̳̣̻̪͞h̼͓̲̦̳̘̲e͇̣̰̦̬͎_̢̼̻̱̘h͚͎͙̜̣̲ͅi̦̲̣̰̤v̻͍e̺̭̳̪̰-m̢iͅn̖̺̞̲̯̰d̵̼̟͙̩̼̘̳_̞̥̱̳̭r̛̗̘e͙p͠r̼̞̻̭̗e̺̠.̨̹͈̣
̡͓̞ͅI̗̘̦͝n͇͇͙v̮̫ok̲̫̙͈i̖͙̭̹̠̞n̡̻̮̣̺g̲͈͙̭͙̬͎_̰t͔̦h̞̲e̢̤_͍̬̲͖f̴̘͕̣è͖ẹ̥̩l͖͔͚i͓͚̦͠n͖͍̗͓̳̮g͍_̨o͚̪͡f̘̣̬_̖̘͖̟͙̮c҉͔̫͖͓͇͖ͅh̵̤̣͚͔á̗̼͕ͅo̼̣̥s̱͈̺̖.̛̖̞̠̫̰
̗̺͖̹̯͓Ṯ̤͍̥͇͈h̲́e͏͓̼̗̙̼̣͔_͇̜̱̠͓͍ͅN͕͠e̗̱z̘̝̜̺͙p̤̺̹͍̯͚e̠̻̠͜r̨̤͍̺̖͔̖̖d̠̟̭̬̝͟i̦͖̩͓͔̤a̠̗̬͉̙n͚͜_̻̞̰͚ͅh̵͉i̳̞v̢͇ḙ͎͟-҉̭̩̼͔m̤̭̫i͕͇̝̦n̗͙ḍ̟_̯̲͕͞ǫ̟̯̰.̟
̦H̬̤̗̤͝e͜_̜̥̝̻͍̟́w̕h̖̯͓o̝͙̖͎̱̮_҉̺̙̞̟͈W̷̼̭a̺̪͍į͈͕̭͙̯̜t̶̼̮s̘͙͖̕_̠̫̠B̻͍͙͉̳ͅe̵h̵̬͇̫͙i̹͓̳̳̮͎̫̕n͟d̴̪̜̖_̰͉̩͇͙̲͞ͅT͖̼͓̪͢h͏͓̮̻e̬̝̟ͅ_̤̹̝W͙̞̝͔͇͝ͅa͏͓͔̹.͕
Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮
_
Unicode_Upsidedown
_
Strings_which_contain_unicode_with_an__upsidedown__effect_(via_http___www.upsidedowntext.com)
_
˙ɐnbᴉlɐ_ɐuƃɐɯ_ǝɹolop_ʇǝ_ǝɹoqɐl_ʇn_ʇunpᴉpᴉɔuᴉ_ɹodɯǝʇ_poɯsnᴉǝ_op_pǝs_'ʇᴉlǝ_ƃuᴉɔsᴉdᴉpɐ_ɹnʇǝʇɔǝsuoɔ_'ʇǝɯɐ_ʇᴉs_ɹolop_ɯnsdᴉ_ɯǝɹo˥
00˙Ɩ$
_
Unicode_font
_
Strings_which_contain_bold_italic_etc.versions_of_normal_characters
_
Ｔｈｅ_ｑｕｉｃｋ_ｂｒｏｗｎ_ｆｏｘ_ｊｕｍｐｓ_ｏｖｅｒ_ｔｈｅ_ｌａｚｙ_ｄｏｇ
𝐓𝐡𝐞_𝐪𝐮𝐢𝐜𝐤_𝐛𝐫𝐨𝐰𝐧_𝐟𝐨𝐱_𝐣𝐮𝐦𝐩𝐬_𝐨𝐯𝐞𝐫_𝐭𝐡𝐞_𝐥𝐚𝐳𝐲_𝐝𝐨𝐠
𝕿𝖍𝖊_𝖖𝖚𝖎𝖈𝖐_𝖇𝖗𝖔𝖜𝖓_𝖋𝖔𝖝_𝖏𝖚𝖒𝖕𝖘_𝖔𝖛𝖊𝖗_𝖙𝖍𝖊_𝖑𝖆𝖟𝖞_𝖉𝖔𝖌
𝑻𝒉𝒆_𝒒𝒖𝒊𝒄𝒌_𝒃𝒓𝒐𝒘𝒏_𝒇𝒐𝒙_𝒋𝒖𝒎𝒑𝒔_𝒐𝒗𝒆𝒓_𝒕𝒉𝒆_𝒍𝒂𝒛𝒚_𝒅𝒐𝒈
𝓣𝓱𝓮_𝓺𝓾𝓲𝓬𝓴_𝓫𝓻𝓸𝔀𝓷_𝓯𝓸𝔁_𝓳𝓾𝓶𝓹𝓼_𝓸𝓿𝓮𝓻_𝓽𝓱𝓮_𝓵𝓪𝔃𝔂_𝓭𝓸𝓰
𝕋𝕙𝕖_𝕢𝕦𝕚𝕔𝕜_𝕓𝕣𝕠𝕨𝕟_𝕗𝕠𝕩_𝕛𝕦𝕞𝕡𝕤_𝕠𝕧𝕖𝕣_𝕥𝕙𝕖_𝕝𝕒𝕫𝕪_𝕕𝕠𝕘
𝚃𝚑𝚎_𝚚𝚞𝚒𝚌𝚔_𝚋𝚛𝚘𝚠𝚗_𝚏𝚘𝚡_𝚓𝚞𝚖𝚙𝚜_𝚘𝚟𝚎𝚛_𝚝𝚑𝚎_𝚕𝚊𝚣𝚢_𝚍𝚘𝚐
⒯⒣⒠_⒬⒰⒤⒞⒦_⒝⒭⒪⒲⒩_⒡⒪⒳_⒥⒰⒨⒫⒮_⒪⒱⒠⒭_⒯⒣⒠_⒧⒜⒵⒴_⒟⒪⒢
_
Script_Injection
_
Strings_which_attempt_to_invoke_a_benign_script_injection;_shows_vulnerability_to_XSS
_
script_alert(0)__script
lt;script_gt;alert(__39;1__39;);_lt;_script_gt
img_src=x_onerror=alert(2)
svg__script_123_1_alert(3)__script
script_alert(4)__script
'__script_alert(5)__script
script_alert(6)__script
script__script_alert(7)__script
script____script__alert(8)____script
onfocus=JaVaSCript_alert(9)_autofocus
onfocus=JaVaSCript_alert(10)_autofocus
'_onfocus=JaVaSCript_alert(11)_autofocus
＜script＞alert(12)＜_script＞
sc_script_ript_alert(13)__sc__script_ript
script_alert(14)__script
alert(15);t=
';alert(16);t='
JavaSCript_alert(17)
alert(18)
src=JaVaSCript_prompt(19)
script_alert(20);__script_x=
'__script_alert(21);__script_x='
script_alert(22);__script_x=
autofocus_onkeyup=_javascript_alert(23)
'_autofocus_onkeyup='javascript_alert(24)
script_x20type=_text_javascript__javascript_alert(25);__script
script_x3Etype=_text_javascript__javascript_alert(26);__script
script_x0Dtype=_text_javascript__javascript_alert(27);__script
script_x09type=_text_javascript__javascript_alert(28);__script
script_x0Ctype=_text_javascript__javascript_alert(29);__script
script_x2Ftype=_text_javascript__javascript_alert(30);__script
script_x0Atype=_text_javascript__javascript_alert(31);__script
'_____x3Cscript_javascript_alert(32)__script
'_____x00script_javascript_alert(33)__script
ABC_div_style=_x_x3Aexpression(javascript_alert(34)__DEF
ABC_div_style=_x_expression_x5C(javascript_alert(35)__DEF
ABC_div_style=_x_expression_x00(javascript_alert(36)__DEF
ABC_div_style=_x_exp_x00ression(javascript_alert(37)__DEF
ABC_div_style=_x_exp_x5Cression(javascript_alert(38)__DEF
ABC_div_style=_x__x0Aexpression(javascript_alert(39)__DEF
ABC_div_style=_x__x09expression(javascript_alert(40)__DEF
ABC_div_style=_x__xE3_x80_x80expression(javascript_alert(41)__DEF
ABC_div_style=_x__xE2_x80_x84expression(javascript_alert(42)__DEF
ABC_div_style=_x__xC2_xA0expression(javascript_alert(43)__DEF
ABC_div_style=_x__xE2_x80_x80expression(javascript_alert(44)__DEF
ABC_div_style=_x__xE2_x80_x8Aexpression(javascript_alert(45)__DEF
ABC_div_style=_x__x0Dexpression(javascript_alert(46)__DEF
ABC_div_style=_x__x0Cexpression(javascript_alert(47)__DEF
ABC_div_style=_x__xE2_x80_x87expression(javascript_alert(48)__DEF
ABC_div_style=_x__xEF_xBB_xBFexpression(javascript_alert(49)__DEF
ABC_div_style=_x__x20expression(javascript_alert(50)__DEF
ABC_div_style=_x__xE2_x80_x88expression(javascript_alert(51)__DEF
ABC_div_style=_x__x00expression(javascript_alert(52)__DEF
ABC_div_style=_x__xE2_x80_x8Bexpression(javascript_alert(53)__DEF
ABC_div_style=_x__xE2_x80_x86expression(javascript_alert(54)__DEF
ABC_div_style=_x__xE2_x80_x85expression(javascript_alert(55)__DEF
ABC_div_style=_x__xE2_x80_x82expression(javascript_alert(56)__DEF
ABC_div_style=_x__x0Bexpression(javascript_alert(57)__DEF
ABC_div_style=_x__xE2_x80_x81expression(javascript_alert(58)__DEF
ABC_div_style=_x__xE2_x80_x83expression(javascript_alert(59)__DEF
ABC_div_style=_x__xE2_x80_x89expression(javascript_alert(60)__DEF
a_href=__x0Bjavascript_javascript_alert(61)__id=_fuzzelement1__test__a
a_href=__x0Fjavascript_javascript_alert(62)__id=_fuzzelement1__test__a
a_href=__xC2_xA0javascript_javascript_alert(63)__id=_fuzzelement1__test__a
a_href=__x05javascript_javascript_alert(64)__id=_fuzzelement1__test__a
a_href=__xE1_xA0_x8Ejavascript_javascript_alert(65)__id=_fuzzelement1__test__a
a_href=__x18javascript_javascript_alert(66)__id=_fuzzelement1__test__a
a_href=__x11javascript_javascript_alert(67)__id=_fuzzelement1__test__a
a_href=__xE2_x80_x88javascript_javascript_alert(68)__id=_fuzzelement1__test__a
a_href=__xE2_x80_x89javascript_javascript_alert(69)__id=_fuzzelement1__test__a
a_href=__xE2_x80_x80javascript_javascript_alert(70)__id=_fuzzelement1__test__a
a_href=__x17javascript_javascript_alert(71)__id=_fuzzelement1__test__a
a_href=__x03javascript_javascript_alert(72)__id=_fuzzelement1__test__a
a_href=__x0Ejavascript_javascript_alert(73)__id=_fuzzelement1__test__a
a_href=__x1Ajavascript_javascript_alert(74)__id=_fuzzelement1__test__a
a_href=__x00javascript_javascript_alert(75)__id=_fuzzelement1__test__a
a_href=__x10javascript_javascript_alert(76)__id=_fuzzelement1__test__a
a_href=__xE2_x80_x82javascript_javascript_alert(77)__id=_fuzzelement1__test__a
a_href=__x20javascript_javascript_alert(78)__id=_fuzzelement1__test__a
a_href=__x13javascript_javascript_alert(79)__id=_fuzzelement1__test__a
a_href=__x09javascript_javascript_alert(80)__id=_fuzzelement1__test__a
a_href=__xE2_x80_x8Ajavascript_javascript_alert(81)__id=_fuzzelement1__test__a
a_href=__x14javascript_javascript_alert(82)__id=_fuzzelement1__test__a
a_href=__x19javascript_javascript_alert(83)__id=_fuzzelement1__test__a
a_href=__xE2_x80_xAFjavascript_javascript_alert(84)__id=_fuzzelement1__test__a
a_href=__x1Fjavascript_javascript_alert(85)__id=_fuzzelement1__test__a
a_href=__xE2_x80_x81javascript_javascript_alert(86)__id=_fuzzelement1__test__a
a_href=__x1Djavascript_javascript_alert(87)__id=_fuzzelement1__test__a
a_href=__xE2_x80_x87javascript_javascript_alert(88)__id=_fuzzelement1__test__a
a_href=__x07javascript_javascript_alert(89)__id=_fuzzelement1__test__a
a_href=__xE1_x9A_x80javascript_javascript_alert(90)__id=_fuzzelement1__test__a
a_href=__xE2_x80_x83javascript_javascript_alert(91)__id=_fuzzelement1__test__a
a_href=__x04javascript_javascript_alert(92)__id=_fuzzelement1__test__a
a_href=__x01javascript_javascript_alert(93)__id=_fuzzelement1__test__a
a_href=__x08javascript_javascript_alert(94)__id=_fuzzelement1__test__a
a_href=__xE2_x80_x84javascript_javascript_alert(95)__id=_fuzzelement1__test__a
a_href=__xE2_x80_x86javascript_javascript_alert(96)__id=_fuzzelement1__test__a
a_href=__xE3_x80_x80javascript_javascript_alert(97)__id=_fuzzelement1__test__a
a_href=__x12javascript_javascript_alert(98)__id=_fuzzelement1__test__a
a_href=__x0Djavascript_javascript_alert(99)__id=_fuzzelement1__test__a
a_href=__x0Ajavascript_javascript_alert(100)__id=_fuzzelement1__test__a
a_href=__x0Cjavascript_javascript_alert(101)__id=_fuzzelement1__test__a
a_href=__x15javascript_javascript_alert(102)__id=_fuzzelement1__test__a
a_href=__xE2_x80_xA8javascript_javascript_alert(103)__id=_fuzzelement1__test__a
a_href=__x16javascript_javascript_alert(104)__id=_fuzzelement1__test__a
a_href=__x02javascript_javascript_alert(105)__id=_fuzzelement1__test__a
a_href=__x1Bjavascript_javascript_alert(106)__id=_fuzzelement1__test__a
a_href=__x06javascript_javascript_alert(107)__id=_fuzzelement1__test__a
a_href=__xE2_x80_xA9javascript_javascript_alert(108)__id=_fuzzelement1__test__a
a_href=__xE2_x80_x85javascript_javascript_alert(109)__id=_fuzzelement1__test__a
a_href=__x1Ejavascript_javascript_alert(110)__id=_fuzzelement1__test__a
a_href=__xE2_x81_x9Fjavascript_javascript_alert(111)__id=_fuzzelement1__test__a
a_href=__x1Cjavascript_javascript_alert(112)__id=_fuzzelement1__test__a
a_href=_javascript_x00_javascript_alert(113)__id=_fuzzelement1__test__a
a_href=_javascript_x3A_javascript_alert(114)__id=_fuzzelement1__test__a
a_href=_javascript_x09_javascript_alert(115)__id=_fuzzelement1__test__a
a_href=_javascript_x0D_javascript_alert(116)__id=_fuzzelement1__test__a
a_href=_javascript_x0A_javascript_alert(117)__id=_fuzzelement1__test__a
'__img_src=xxx_x__x0Aonerror=javascript_alert(118)
'__img_src=xxx_x__x22onerror=javascript_alert(119)
'__img_src=xxx_x__x0Bonerror=javascript_alert(120)
'__img_src=xxx_x__x0Donerror=javascript_alert(121)
'__img_src=xxx_x__x2Fonerror=javascript_alert(122)
'__img_src=xxx_x__x09onerror=javascript_alert(123)
'__img_src=xxx_x__x0Conerror=javascript_alert(124)
'__img_src=xxx_x__x00onerror=javascript_alert(125)
'__img_src=xxx_x__x27onerror=javascript_alert(126)
'__img_src=xxx_x__x20onerror=javascript_alert(127)
'__script__x3Bjavascript_alert(128)__script
'__script__x0Djavascript_alert(129)__script
'__script__xEF_xBB_xBFjavascript_alert(130)__script
'__script__xE2_x80_x81javascript_alert(131)__script
'__script__xE2_x80_x84javascript_alert(132)__script
'__script__xE3_x80_x80javascript_alert(133)__script
'__script__x09javascript_alert(134)__script
'__script__xE2_x80_x89javascript_alert(135)__script
'__script__xE2_x80_x85javascript_alert(136)__script
'__script__xE2_x80_x88javascript_alert(137)__script
'__script__x00javascript_alert(138)__script
'__script__xE2_x80_xA8javascript_alert(139)__script
'__script__xE2_x80_x8Ajavascript_alert(140)__script
'__script__xE1_x9A_x80javascript_alert(141)__script
'__script__x0Cjavascript_alert(142)__script
'__script__x2Bjavascript_alert(143)__script
'__script__xF0_x90_x96_x9Ajavascript_alert(144)__script
'__script_-javascript_alert(145)__script
'__script__x0Ajavascript_alert(146)__script
'__script__xE2_x80_xAFjavascript_alert(147)__script
'__script__x7Ejavascript_alert(148)__script
'__script__xE2_x80_x87javascript_alert(149)__script
'__script__xE2_x81_x9Fjavascript_alert(150)__script
'__script__xE2_x80_xA9javascript_alert(151)__script
'__script__xC2_x85javascript_alert(152)__script
'__script__xEF_xBF_xAEjavascript_alert(153)__script
'__script__xE2_x80_x83javascript_alert(154)__script
'__script__xE2_x80_x8Bjavascript_alert(155)__script
'__script__xEF_xBF_xBEjavascript_alert(156)__script
'__script__xE2_x80_x80javascript_alert(157)__script
'__script__x21javascript_alert(158)__script
'__script__xE2_x80_x82javascript_alert(159)__script
'__script__xE2_x80_x86javascript_alert(160)__script
'__script__xE1_xA0_x8Ejavascript_alert(161)__script
'__script__x0Bjavascript_alert(162)__script
'__script__x20javascript_alert(163)__script
'__script__xC2_xA0javascript_alert(164)__script
img__x00src=x_onerror=_alert(165)
img__x47src=x_onerror=_javascript_alert(166)
img__x11src=x_onerror=_javascript_alert(167)
img__x12src=x_onerror=_javascript_alert(168)
img_x47src=x_onerror=_javascript_alert(169)
img_x10src=x_onerror=_javascript_alert(170)
img_x13src=x_onerror=_javascript_alert(171)
img_x32src=x_onerror=_javascript_alert(172)
img_x47src=x_onerror=_javascript_alert(173)
img_x11src=x_onerror=_javascript_alert(174)
img__x47src=x_onerror=_javascript_alert(175)
img__x34src=x_onerror=_javascript_alert(176)
img__x39src=x_onerror=_javascript_alert(177)
img__x00src=x_onerror=_javascript_alert(178)
img_src_x09=x_onerror=_javascript_alert(179)
img_src_x10=x_onerror=_javascript_alert(180)
img_src_x13=x_onerror=_javascript_alert(181)
img_src_x32=x_onerror=_javascript_alert(182)
img_src_x12=x_onerror=_javascript_alert(183)
img_src_x11=x_onerror=_javascript_alert(184)
img_src_x00=x_onerror=_javascript_alert(185)
img_src_x47=x_onerror=_javascript_alert(186)
img_src=x_x09onerror=_javascript_alert(187)
img_src=x_x10onerror=_javascript_alert(188)
img_src=x_x11onerror=_javascript_alert(189)
img_src=x_x12onerror=_javascript_alert(190)
img_src=x_x13onerror=_javascript_alert(191)
img_a__b__c_src_d_=x_e_onerror=_f__alert(192)
img_src=x_onerror=_x09_javascript_alert(193)
img_src=x_onerror=_x10_javascript_alert(194)
img_src=x_onerror=_x11_javascript_alert(195)
img_src=x_onerror=_x12_javascript_alert(196)
img_src=x_onerror=_x32_javascript_alert(197)
img_src=x_onerror=_x00_javascript_alert(198)
a_href=java__1__2__3__4__5__6__7__8__11__12script_javascript_alert(199)_XXX__a
img_src=_x____script_javascript_alert(200)__script
img_src_onerror____'_=_alt=javascript_alert(201)
title_onpropertychange=javascript_alert(202)___title__title_title=
a_href=http___foo.bar__x=_y___a__img_alt=____img_src=x_x_onerror=javascript_alert(203)___a
!--_if___script_javascript_alert(204)__script
!--_if_img_src=x_onerror=javascript_alert(205)
script_src=____(jscript)s____script
script_src=____(jscript)s____script
IMG______SCRIPT_alert(_206_)__SCRIPT
IMG_SRC=javascript_alert(String.fromCharCode(50,48,55))
IMG_SRC=__onmouseover=_alert('208')
IMG_SRC=_onmouseover=_alert('209')
IMG_onmouseover=_alert('210')
IMG_SRC=__106;__97;__118;__97;__115;__99;__114;__105;__112;__116;__58;__97;__108;__101;__114;__116;__40;__39;__50;__49;__49;__39;__41
IMG_SRC=__0000106__0000097__0000118__0000097__0000115__0000099__0000114__0000105__0000112__0000116__0000058__0000097__0000108__0000101__0000114__0000116__0000040__0000039__0000050__0000049__0000050__0000039__0000041
IMG_SRC=__x6A__x61__x76__x61__x73__x63__x72__x69__x70__x74__x3A__x61__x6C__x65__x72__x74__x28__x27__x32__x31__x33__x27__x29
IMG_SRC=_jav___ascript_alert('214')
IMG_SRC=_jav__x09;ascript_alert('215')
IMG_SRC=_jav__x0A;ascript_alert('216')
IMG_SRC=_jav__x0D;ascript_alert('217')
perl_-e_'print___IMG_SRC=java_0script_alert(__218__)__;'___out
IMG_SRC=____14;__javascript_alert('219')
SCRIPT_XSS_SRC=_http___ha.ckers.org_xss.js____SCRIPT
BODY_onload!_$__()_~+.@_______=alert(_220_)
SCRIPT_SRC=_http___ha.ckers.org_xss.js____SCRIPT
SCRIPT_alert(_221_);_____SCRIPT
SCRIPT_SRC=http___ha.ckers.org_xss.js___B
SCRIPT_SRC=__ha.ckers.org.j
IMG_SRC=_javascript_alert('222')
iframe_src=http___ha.ckers.org_scriptlet.html
alert('223')
u_oncopy=alert()__Copy_me__u
i_onwheel=alert(224)__Scroll_over_me___i
plaintext
http___a___30_30
textarea__script_alert(225)__script
_
SQL_Injection
_
Strings_which_can_cause_a_SQL_injection_if_inputs_are_not_sanitized
_
1;DROP_TABLE_users
1';_DROP_TABLE_users--_1
'_OR_1=1_--_1
'_OR_'1'='1
';_EXEC_sp_MSForEachTable_'DROP_TABLE__'
_
_
_
_
Server_Code_Injection
_
Strings_which_can_cause_user_to_run_code_on_server_as_a_privileged_user_(c.f._https___news.ycombinator.com_item_id=7665153)
_
_
_
version
help
$USER
dev_null;_touch__tmp_blns.fail_;_echo
touch__tmp_blns.fail
$(touch__tmp_blns.fail)
@__system__touch__tmp_blns.fail
_
Command_Injection_(Ruby)
_
Strings_which_can_call_system_commands_within_Ruby_Rails_applications
_
eval(_puts_'hello_world'_)
System(_ls_-al___)
ls_-al
Kernel.exec(_ls_-al___)
Kernel.exit(1)
x('ls_-al__')
_
XXE_Injection_(XML)
_
String_which_can_reveal_system_files_when_parsed_by_a_badly_configured_XML_parser
_
xml_version=_1.0__encoding=_ISO-8859-1____!DOCTYPE_foo____!ELEMENT_foo_ANY___!ENTITY_xxe_SYSTEM__file____etc_passwd______foo__xxe;__foo
_
Unwanted_Interpolation
_
Strings_which_can_be_accidentally_expanded_into_different_strings_if_evaluated_in_the_wrong_context,_e.g._used_as_a_printf_format_string_or_via_Perl_or_shell_eval._Might_expose_sensitive_data_from_the_program_doing_the_interpolation,_or_might_just_repres.
_
$HOME
$ENV_'HOME'
d
s_s_s_s_s
0
.s
@
n
File
_
File_Inclusion
_
Strings_which_can_cause_user_to_pull_in_files_that_should_not_be_a_part_of_a_web_server
_
.etc_passwd_00
.etc_hosts
_
Known_CVEs_and_Vulnerabilities
_
Strings_that_test_for_known_vulnerabilities
_
()___0;__;_touch__tmp_blns.shellshock1.fail
()____;______$($())____touch__tmp_blns.shellshock2.fail
s(un='_s')_=__u
+++ATH0
_
MSDOS_Windows_Special_Filenames
_
Strings_which_are_reserved_characters_in_MSDOS_Windows
_
CON_
PRN_
AUX_
CLOCK$
NUL_
A
ZZ
COM1_
LPT1_
LPT2_
LPT3_
COM2_
COM3_
COM4_
_
IRC_specific_strings
_
Strings_that_may_occur_on_IRC_clients_that_make_security_products_freak_out
_
DCC_SEND_STARTKEYLOGGER_0_0_0
_
Scunthorpe_Problem
_
Innocuous_strings_which_may_be_blocked_by_profanity_filters_(https___en.wikipedia.org_wiki_Scunthorpe_problem)
_
Scunthorpe_General_Hospital
Penistone_Community_Church
Lightwater_Country_Park
Jimmy_Clitheroe
Horniman_Museum
shitake_mushrooms
RomansInSussex.co.uk
http___www.cum.qc.ca
Craig_Cockburn,_Software_Specialist
Linda_Callahan
Dr._Herman_I.Libshitz
magna_cum_laude
Super_Bowl_XXX
medieval_erection_of_parapets
evaluate
mocha
expression
Arsenal_canal
classic
Tyson_Gay
Dick_Van_Dyke
basement
_
Human_injection
_
Strings_which_may_cause_human_to_reinterpret_worldview
_
If_you're_reading_this,_you've_been_in_a_coma_for_almost_20_years_now._We're_trying_a_new_technique._We_don't_know_where_this_message_will_end_up_in_your_dream,_but_we_hope_it_works._Please_wake_up,_we_miss_you.
_
Terminal_escape_codes
_
Strings_which_punish_the_fools_who_use_cat_type_on_this_file
_
Roses_are___0;31mred__0m,_violets_are___0;34mblue.Hope_you_enjoy_terminal_hue
But_now...__20Cfor_my_greatest_trick.8m
The_quic______k_brown_fo___________x.Beeeep
_
iOS_Vulnerabilities
_
Strings_which_crashed_iMessage_in_various_versions_of_iOS
_
Powerلُلُصّبُلُلصّبُررً_ॣ_ॣh_ॣ_ॣ冗
🏳0🌈️
జ్ఞ‌ా
_
Persian_special_characters
_
This_is_a_four_characters_string_which_includes_Persian_special_characters_(گچپژ)
_
گچپژ
_
jinja2_injection
_
first_one_is_supposed_to_raise__MemoryError__exception
second,_obviously,_prints_contents_of__etc_passwd
_
print_'x'___64___1024__3
class__.__mro___2_.__subclasses__()_40_(__etc_passwd_).read()