diff --git a/lib/src/test/resources/blns.txt b/lib/src/test/resources/blns.txt
index 54d73bf4682d4558c8427a79e798831e335bd48e..21984902d187da038fa339d94eb14f2c3fe2c4a0 100644
--- a/lib/src/test/resources/blns.txt
+++ b/lib/src/test/resources/blns.txt
@@ -18,6 +18,7 @@ FALSE
None
hasOwnProperty
then
+constructor
\
\\
@@ -127,7 +128,7 @@ INF
# U+0000, U+000A, or U+000D (NUL, LF, CR).
# The next line may appear to be blank or mojibake in some viewers.
# The next line may be flagged for "trailing whitespace" in some viewers.
- ��
+ ��
# Unicode additional control characters: all of the characters with
# general category Cf (in Unicode 8.0.0).
@@ -194,6 +195,10 @@ INF
울란바토르
𠜎𠜱𠝹𠱓𠱸𠲖𠳏
+# Strings which contain two-byte letters: can cause issues with naïve UTF-16 capitalizers which think that 16 bits == 1 character
+
+𐐜 𐐔𐐇𐐝𐐀𐐡𐐇𐐓 𐐙𐐊𐐡𐐝𐐓/𐐝𐐇𐐗𐐊𐐤𐐔 𐐒𐐋𐐗 𐐒𐐌 𐐜 𐐡𐐀𐐖𐐇𐐤𐐓𐐝 𐐱𐑂 𐑄 𐐔𐐇𐐝𐐀𐐡𐐇𐐓 𐐏𐐆𐐅𐐤𐐆𐐚𐐊𐐡𐐝𐐆𐐓𐐆
+
# Special Unicode Characters Union
#
# A super string recommended by VMware Inc. Globalization Team: can effectively cause rendering issues or character-length issues to validate product globalization readiness.
@@ -203,7 +208,7 @@ INF
# あ HIRAGANA LETTER A (U+3042)
# A LATIN CAPITAL LETTER A (U+0041)
# 鷗 CJK_UNIFIED_IDEOGRAPHS (U+9DD7)
-# ΠLATIN SMALL LIGATURE OE (U+0153)
+# ΠLATIN SMALL LIGATURE OE (U+0153)
# é LATIN SMALL LETTER E WITH ACUTE (U+00E9)
# B FULLWIDTH LATIN CAPITAL LETTER B (U+FF22)
# 逍 CJK_UNIFIED_IDEOGRAPHS (U+900D)
@@ -249,10 +254,12 @@ __ロ(,_,*)
😍
👩🏽
+👨🦰 👨🏿🦰 👨🦱 👨🏿🦱 🦹🏿♂️
👾 🙇 💁 🙅 🙆 🙋 🙎 🙍
🐵 🙈 🙉 🙊
❤️ 💔 💌 💕 💞 💓 💗 💖 💘 💝 💟 💜 💛 💚 💙
✋🏿 💪🏿 👐🏿 🙌🏿 👏🏿 🙏🏿
+👨👩👦 👨👩👧👦 👨👨👦 👩👩👧 👨👦 👨👧👦 👩👦 👩👧👦
🚾 🆒 🆓 🆕 🆖 🆗 🆙 🏧
0️⃣ 1️⃣ 2️⃣ 3️⃣ 4️⃣ 5️⃣ 6️⃣ 7️⃣ 8️⃣ 9️⃣ 🔟
@@ -281,7 +288,15 @@ __ロ(,_,*)
הָיְתָהtestالصفحات التّحول
﷽
ﷺ
-مُنَاقَشَةُ سُبُلِ اِسْتِخْدَامِ اللُّغَةِ فِي النُّظُمِ الْقَائِمَةِ وَفِيم يَخُصَّ التَّطْبِيقَاتُ الْحاسُوبِيَّةُ،
+مُنَاقَشَةُ سُبُلِ اِسْتِخْدَامِ اللُّغَةِ فِي النُّظُمِ الْقَائِمَةِ وَفِيم يَخُصَّ التَّطْبِيقَاتُ الْحاسُوبِيَّةُ،
+الكل في المجمو عة (5)
+
+# Ogham Text
+#
+# The only unicode alphabet to use a space which isn't empty but should still act like a space.
+
+᚛ᚄᚓᚐᚋᚒᚄ ᚑᚄᚂᚑᚏᚅ᚜
+᚛ ᚜
# Trick Unicode
#
@@ -327,242 +342,242 @@ Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮
#
# Strings which attempt to invoke a benign script injection; shows vulnerability to XSS
-<script>alert(123)</script>
-<script>alert('123');</script>
-<img src=x onerror=alert(123) />
-<svg><script>123<1>alert(123)</script>
-"><script>alert(123)</script>
-'><script>alert(123)</script>
-><script>alert(123)</script>
-</script><script>alert(123)</script>
-< / script >< script >alert(123)< / script >
- onfocus=JaVaSCript:alert(123) autofocus
-" onfocus=JaVaSCript:alert(123) autofocus
-' onfocus=JaVaSCript:alert(123) autofocus
-<script>alert(123)</script>
-<sc<script>ript>alert(123)</sc</script>ript>
---><script>alert(123)</script>
-";alert(123);t="
-';alert(123);t='
-JavaSCript:alert(123)
-;alert(123);
-src=JaVaSCript:prompt(132)
-"><script>alert(123);</script x="
-'><script>alert(123);</script x='
-><script>alert(123);</script x=
-" autofocus onkeyup="javascript:alert(123)
-' autofocus onkeyup='javascript:alert(123)
-<script\x20type="text/javascript">javascript:alert(1);</script>
-<script\x3Etype="text/javascript">javascript:alert(1);</script>
-<script\x0Dtype="text/javascript">javascript:alert(1);</script>
-<script\x09type="text/javascript">javascript:alert(1);</script>
-<script\x0Ctype="text/javascript">javascript:alert(1);</script>
-<script\x2Ftype="text/javascript">javascript:alert(1);</script>
-<script\x0Atype="text/javascript">javascript:alert(1);</script>
-'`"><\x3Cscript>javascript:alert(1)</script>
-'`"><\x00script>javascript:alert(1)</script>
-ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF
-ABC<div style="x:expression\x5C(javascript:alert(1)">DEF
-ABC<div style="x:expression\x00(javascript:alert(1)">DEF
-ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF
-ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF
-ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF
-ABC<div style="x:\x09expression(javascript:alert(1)">DEF
-ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF
-ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF
-ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF
-ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF
-ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF
-ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF
-ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF
-ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF
-ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF
-ABC<div style="x:\x20expression(javascript:alert(1)">DEF
-ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF
-ABC<div style="x:\x00expression(javascript:alert(1)">DEF
-ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF
-ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF
-ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF
-ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF
-ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF
-ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF
-ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF
-ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF
-<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a>
-<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a>
-`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)>
-`"'><img src=xxx:x \x22onerror=javascript:alert(1)>
-`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)>
-`"'><img src=xxx:x \x0Donerror=javascript:alert(1)>
-`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)>
-`"'><img src=xxx:x \x09onerror=javascript:alert(1)>
-`"'><img src=xxx:x \x0Conerror=javascript:alert(1)>
-`"'><img src=xxx:x \x00onerror=javascript:alert(1)>
-`"'><img src=xxx:x \x27onerror=javascript:alert(1)>
-`"'><img src=xxx:x \x20onerror=javascript:alert(1)>
-"`'><script>\x3Bjavascript:alert(1)</script>
-"`'><script>\x0Djavascript:alert(1)</script>
-"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script>
-"`'><script>\xE2\x80\x81javascript:alert(1)</script>
-"`'><script>\xE2\x80\x84javascript:alert(1)</script>
-"`'><script>\xE3\x80\x80javascript:alert(1)</script>
-"`'><script>\x09javascript:alert(1)</script>
-"`'><script>\xE2\x80\x89javascript:alert(1)</script>
-"`'><script>\xE2\x80\x85javascript:alert(1)</script>
-"`'><script>\xE2\x80\x88javascript:alert(1)</script>
-"`'><script>\x00javascript:alert(1)</script>
-"`'><script>\xE2\x80\xA8javascript:alert(1)</script>
-"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script>
-"`'><script>\xE1\x9A\x80javascript:alert(1)</script>
-"`'><script>\x0Cjavascript:alert(1)</script>
-"`'><script>\x2Bjavascript:alert(1)</script>
-"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script>
-"`'><script>-javascript:alert(1)</script>
-"`'><script>\x0Ajavascript:alert(1)</script>
-"`'><script>\xE2\x80\xAFjavascript:alert(1)</script>
-"`'><script>\x7Ejavascript:alert(1)</script>
-"`'><script>\xE2\x80\x87javascript:alert(1)</script>
-"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script>
-"`'><script>\xE2\x80\xA9javascript:alert(1)</script>
-"`'><script>\xC2\x85javascript:alert(1)</script>
-"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script>
-"`'><script>\xE2\x80\x83javascript:alert(1)</script>
-"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script>
-"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script>
-"`'><script>\xE2\x80\x80javascript:alert(1)</script>
-"`'><script>\x21javascript:alert(1)</script>
-"`'><script>\xE2\x80\x82javascript:alert(1)</script>
-"`'><script>\xE2\x80\x86javascript:alert(1)</script>
-"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script>
-"`'><script>\x0Bjavascript:alert(1)</script>
-"`'><script>\x20javascript:alert(1)</script>
-"`'><script>\xC2\xA0javascript:alert(1)</script>
-<img \x00src=x onerror="alert(1)">
-<img \x47src=x onerror="javascript:alert(1)">
-<img \x11src=x onerror="javascript:alert(1)">
-<img \x12src=x onerror="javascript:alert(1)">
-<img\x47src=x onerror="javascript:alert(1)">
-<img\x10src=x onerror="javascript:alert(1)">
-<img\x13src=x onerror="javascript:alert(1)">
-<img\x32src=x onerror="javascript:alert(1)">
-<img\x47src=x onerror="javascript:alert(1)">
-<img\x11src=x onerror="javascript:alert(1)">
-<img \x47src=x onerror="javascript:alert(1)">
-<img \x34src=x onerror="javascript:alert(1)">
-<img \x39src=x onerror="javascript:alert(1)">
-<img \x00src=x onerror="javascript:alert(1)">
-<img src\x09=x onerror="javascript:alert(1)">
-<img src\x10=x onerror="javascript:alert(1)">
-<img src\x13=x onerror="javascript:alert(1)">
-<img src\x32=x onerror="javascript:alert(1)">
-<img src\x12=x onerror="javascript:alert(1)">
-<img src\x11=x onerror="javascript:alert(1)">
-<img src\x00=x onerror="javascript:alert(1)">
-<img src\x47=x onerror="javascript:alert(1)">
-<img src=x\x09onerror="javascript:alert(1)">
-<img src=x\x10onerror="javascript:alert(1)">
-<img src=x\x11onerror="javascript:alert(1)">
-<img src=x\x12onerror="javascript:alert(1)">
-<img src=x\x13onerror="javascript:alert(1)">
-<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)">
-<img src=x onerror=\x09"javascript:alert(1)">
-<img src=x onerror=\x10"javascript:alert(1)">
-<img src=x onerror=\x11"javascript:alert(1)">
-<img src=x onerror=\x12"javascript:alert(1)">
-<img src=x onerror=\x32"javascript:alert(1)">
-<img src=x onerror=\x00"javascript:alert(1)">
-<a href=javascript:javascript:alert(1)>XXX</a>
-<img src="x` `<script>javascript:alert(1)</script>"` `>
-<img src onerror /" '"= alt=javascript:alert(1)//">
-<title onpropertychange=javascript:alert(1)></title><title title=>
-<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>">
-<!--[if]><script>javascript:alert(1)</script -->
-<!--[if<img src=x onerror=javascript:alert(1)//]> -->
+<script>alert(0)</script>
+<script>alert('1');</script>
+<img src=x onerror=alert(2) />
+<svg><script>123<1>alert(3)</script>
+"><script>alert(4)</script>
+'><script>alert(5)</script>
+><script>alert(6)</script>
+</script><script>alert(7)</script>
+< / script >< script >alert(8)< / script >
+ onfocus=JaVaSCript:alert(9) autofocus
+" onfocus=JaVaSCript:alert(10) autofocus
+' onfocus=JaVaSCript:alert(11) autofocus
+<script>alert(12)</script>
+<sc<script>ript>alert(13)</sc</script>ript>
+--><script>alert(14)</script>
+";alert(15);t="
+';alert(16);t='
+JavaSCript:alert(17)
+;alert(18);
+src=JaVaSCript:prompt(19)
+"><script>alert(20);</script x="
+'><script>alert(21);</script x='
+><script>alert(22);</script x=
+" autofocus onkeyup="javascript:alert(23)
+' autofocus onkeyup='javascript:alert(24)
+<script\x20type="text/javascript">javascript:alert(25);</script>
+<script\x3Etype="text/javascript">javascript:alert(26);</script>
+<script\x0Dtype="text/javascript">javascript:alert(27);</script>
+<script\x09type="text/javascript">javascript:alert(28);</script>
+<script\x0Ctype="text/javascript">javascript:alert(29);</script>
+<script\x2Ftype="text/javascript">javascript:alert(30);</script>
+<script\x0Atype="text/javascript">javascript:alert(31);</script>
+'`"><\x3Cscript>javascript:alert(32)</script>
+'`"><\x00script>javascript:alert(33)</script>
+ABC<div style="x\x3Aexpression(javascript:alert(34)">DEF
+ABC<div style="x:expression\x5C(javascript:alert(35)">DEF
+ABC<div style="x:expression\x00(javascript:alert(36)">DEF
+ABC<div style="x:exp\x00ression(javascript:alert(37)">DEF
+ABC<div style="x:exp\x5Cression(javascript:alert(38)">DEF
+ABC<div style="x:\x0Aexpression(javascript:alert(39)">DEF
+ABC<div style="x:\x09expression(javascript:alert(40)">DEF
+ABC<div style="x:\xE3\x80\x80expression(javascript:alert(41)">DEF
+ABC<div style="x:\xE2\x80\x84expression(javascript:alert(42)">DEF
+ABC<div style="x:\xC2\xA0expression(javascript:alert(43)">DEF
+ABC<div style="x:\xE2\x80\x80expression(javascript:alert(44)">DEF
+ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(45)">DEF
+ABC<div style="x:\x0Dexpression(javascript:alert(46)">DEF
+ABC<div style="x:\x0Cexpression(javascript:alert(47)">DEF
+ABC<div style="x:\xE2\x80\x87expression(javascript:alert(48)">DEF
+ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(49)">DEF
+ABC<div style="x:\x20expression(javascript:alert(50)">DEF
+ABC<div style="x:\xE2\x80\x88expression(javascript:alert(51)">DEF
+ABC<div style="x:\x00expression(javascript:alert(52)">DEF
+ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(53)">DEF
+ABC<div style="x:\xE2\x80\x86expression(javascript:alert(54)">DEF
+ABC<div style="x:\xE2\x80\x85expression(javascript:alert(55)">DEF
+ABC<div style="x:\xE2\x80\x82expression(javascript:alert(56)">DEF
+ABC<div style="x:\x0Bexpression(javascript:alert(57)">DEF
+ABC<div style="x:\xE2\x80\x81expression(javascript:alert(58)">DEF
+ABC<div style="x:\xE2\x80\x83expression(javascript:alert(59)">DEF
+ABC<div style="x:\xE2\x80\x89expression(javascript:alert(60)">DEF
+<a href="\x0Bjavascript:javascript:alert(61)" id="fuzzelement1">test</a>
+<a href="\x0Fjavascript:javascript:alert(62)" id="fuzzelement1">test</a>
+<a href="\xC2\xA0javascript:javascript:alert(63)" id="fuzzelement1">test</a>
+<a href="\x05javascript:javascript:alert(64)" id="fuzzelement1">test</a>
+<a href="\xE1\xA0\x8Ejavascript:javascript:alert(65)" id="fuzzelement1">test</a>
+<a href="\x18javascript:javascript:alert(66)" id="fuzzelement1">test</a>
+<a href="\x11javascript:javascript:alert(67)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x88javascript:javascript:alert(68)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x89javascript:javascript:alert(69)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x80javascript:javascript:alert(70)" id="fuzzelement1">test</a>
+<a href="\x17javascript:javascript:alert(71)" id="fuzzelement1">test</a>
+<a href="\x03javascript:javascript:alert(72)" id="fuzzelement1">test</a>
+<a href="\x0Ejavascript:javascript:alert(73)" id="fuzzelement1">test</a>
+<a href="\x1Ajavascript:javascript:alert(74)" id="fuzzelement1">test</a>
+<a href="\x00javascript:javascript:alert(75)" id="fuzzelement1">test</a>
+<a href="\x10javascript:javascript:alert(76)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x82javascript:javascript:alert(77)" id="fuzzelement1">test</a>
+<a href="\x20javascript:javascript:alert(78)" id="fuzzelement1">test</a>
+<a href="\x13javascript:javascript:alert(79)" id="fuzzelement1">test</a>
+<a href="\x09javascript:javascript:alert(80)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x8Ajavascript:javascript:alert(81)" id="fuzzelement1">test</a>
+<a href="\x14javascript:javascript:alert(82)" id="fuzzelement1">test</a>
+<a href="\x19javascript:javascript:alert(83)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\xAFjavascript:javascript:alert(84)" id="fuzzelement1">test</a>
+<a href="\x1Fjavascript:javascript:alert(85)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x81javascript:javascript:alert(86)" id="fuzzelement1">test</a>
+<a href="\x1Djavascript:javascript:alert(87)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x87javascript:javascript:alert(88)" id="fuzzelement1">test</a>
+<a href="\x07javascript:javascript:alert(89)" id="fuzzelement1">test</a>
+<a href="\xE1\x9A\x80javascript:javascript:alert(90)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x83javascript:javascript:alert(91)" id="fuzzelement1">test</a>
+<a href="\x04javascript:javascript:alert(92)" id="fuzzelement1">test</a>
+<a href="\x01javascript:javascript:alert(93)" id="fuzzelement1">test</a>
+<a href="\x08javascript:javascript:alert(94)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x84javascript:javascript:alert(95)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x86javascript:javascript:alert(96)" id="fuzzelement1">test</a>
+<a href="\xE3\x80\x80javascript:javascript:alert(97)" id="fuzzelement1">test</a>
+<a href="\x12javascript:javascript:alert(98)" id="fuzzelement1">test</a>
+<a href="\x0Djavascript:javascript:alert(99)" id="fuzzelement1">test</a>
+<a href="\x0Ajavascript:javascript:alert(100)" id="fuzzelement1">test</a>
+<a href="\x0Cjavascript:javascript:alert(101)" id="fuzzelement1">test</a>
+<a href="\x15javascript:javascript:alert(102)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\xA8javascript:javascript:alert(103)" id="fuzzelement1">test</a>
+<a href="\x16javascript:javascript:alert(104)" id="fuzzelement1">test</a>
+<a href="\x02javascript:javascript:alert(105)" id="fuzzelement1">test</a>
+<a href="\x1Bjavascript:javascript:alert(106)" id="fuzzelement1">test</a>
+<a href="\x06javascript:javascript:alert(107)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\xA9javascript:javascript:alert(108)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x85javascript:javascript:alert(109)" id="fuzzelement1">test</a>
+<a href="\x1Ejavascript:javascript:alert(110)" id="fuzzelement1">test</a>
+<a href="\xE2\x81\x9Fjavascript:javascript:alert(111)" id="fuzzelement1">test</a>
+<a href="\x1Cjavascript:javascript:alert(112)" id="fuzzelement1">test</a>
+<a href="javascript\x00:javascript:alert(113)" id="fuzzelement1">test</a>
+<a href="javascript\x3A:javascript:alert(114)" id="fuzzelement1">test</a>
+<a href="javascript\x09:javascript:alert(115)" id="fuzzelement1">test</a>
+<a href="javascript\x0D:javascript:alert(116)" id="fuzzelement1">test</a>
+<a href="javascript\x0A:javascript:alert(117)" id="fuzzelement1">test</a>
+`"'><img src=xxx:x \x0Aonerror=javascript:alert(118)>
+`"'><img src=xxx:x \x22onerror=javascript:alert(119)>
+`"'><img src=xxx:x \x0Bonerror=javascript:alert(120)>
+`"'><img src=xxx:x \x0Donerror=javascript:alert(121)>
+`"'><img src=xxx:x \x2Fonerror=javascript:alert(122)>
+`"'><img src=xxx:x \x09onerror=javascript:alert(123)>
+`"'><img src=xxx:x \x0Conerror=javascript:alert(124)>
+`"'><img src=xxx:x \x00onerror=javascript:alert(125)>
+`"'><img src=xxx:x \x27onerror=javascript:alert(126)>
+`"'><img src=xxx:x \x20onerror=javascript:alert(127)>
+"`'><script>\x3Bjavascript:alert(128)</script>
+"`'><script>\x0Djavascript:alert(129)</script>
+"`'><script>\xEF\xBB\xBFjavascript:alert(130)</script>
+"`'><script>\xE2\x80\x81javascript:alert(131)</script>
+"`'><script>\xE2\x80\x84javascript:alert(132)</script>
+"`'><script>\xE3\x80\x80javascript:alert(133)</script>
+"`'><script>\x09javascript:alert(134)</script>
+"`'><script>\xE2\x80\x89javascript:alert(135)</script>
+"`'><script>\xE2\x80\x85javascript:alert(136)</script>
+"`'><script>\xE2\x80\x88javascript:alert(137)</script>
+"`'><script>\x00javascript:alert(138)</script>
+"`'><script>\xE2\x80\xA8javascript:alert(139)</script>
+"`'><script>\xE2\x80\x8Ajavascript:alert(140)</script>
+"`'><script>\xE1\x9A\x80javascript:alert(141)</script>
+"`'><script>\x0Cjavascript:alert(142)</script>
+"`'><script>\x2Bjavascript:alert(143)</script>
+"`'><script>\xF0\x90\x96\x9Ajavascript:alert(144)</script>
+"`'><script>-javascript:alert(145)</script>
+"`'><script>\x0Ajavascript:alert(146)</script>
+"`'><script>\xE2\x80\xAFjavascript:alert(147)</script>
+"`'><script>\x7Ejavascript:alert(148)</script>
+"`'><script>\xE2\x80\x87javascript:alert(149)</script>
+"`'><script>\xE2\x81\x9Fjavascript:alert(150)</script>
+"`'><script>\xE2\x80\xA9javascript:alert(151)</script>
+"`'><script>\xC2\x85javascript:alert(152)</script>
+"`'><script>\xEF\xBF\xAEjavascript:alert(153)</script>
+"`'><script>\xE2\x80\x83javascript:alert(154)</script>
+"`'><script>\xE2\x80\x8Bjavascript:alert(155)</script>
+"`'><script>\xEF\xBF\xBEjavascript:alert(156)</script>
+"`'><script>\xE2\x80\x80javascript:alert(157)</script>
+"`'><script>\x21javascript:alert(158)</script>
+"`'><script>\xE2\x80\x82javascript:alert(159)</script>
+"`'><script>\xE2\x80\x86javascript:alert(160)</script>
+"`'><script>\xE1\xA0\x8Ejavascript:alert(161)</script>
+"`'><script>\x0Bjavascript:alert(162)</script>
+"`'><script>\x20javascript:alert(163)</script>
+"`'><script>\xC2\xA0javascript:alert(164)</script>
+<img \x00src=x onerror="alert(165)">
+<img \x47src=x onerror="javascript:alert(166)">
+<img \x11src=x onerror="javascript:alert(167)">
+<img \x12src=x onerror="javascript:alert(168)">
+<img\x47src=x onerror="javascript:alert(169)">
+<img\x10src=x onerror="javascript:alert(170)">
+<img\x13src=x onerror="javascript:alert(171)">
+<img\x32src=x onerror="javascript:alert(172)">
+<img\x47src=x onerror="javascript:alert(173)">
+<img\x11src=x onerror="javascript:alert(174)">
+<img \x47src=x onerror="javascript:alert(175)">
+<img \x34src=x onerror="javascript:alert(176)">
+<img \x39src=x onerror="javascript:alert(177)">
+<img \x00src=x onerror="javascript:alert(178)">
+<img src\x09=x onerror="javascript:alert(179)">
+<img src\x10=x onerror="javascript:alert(180)">
+<img src\x13=x onerror="javascript:alert(181)">
+<img src\x32=x onerror="javascript:alert(182)">
+<img src\x12=x onerror="javascript:alert(183)">
+<img src\x11=x onerror="javascript:alert(184)">
+<img src\x00=x onerror="javascript:alert(185)">
+<img src\x47=x onerror="javascript:alert(186)">
+<img src=x\x09onerror="javascript:alert(187)">
+<img src=x\x10onerror="javascript:alert(188)">
+<img src=x\x11onerror="javascript:alert(189)">
+<img src=x\x12onerror="javascript:alert(190)">
+<img src=x\x13onerror="javascript:alert(191)">
+<img[a][b][c]src[d]=x[e]onerror=[f]"alert(192)">
+<img src=x onerror=\x09"javascript:alert(193)">
+<img src=x onerror=\x10"javascript:alert(194)">
+<img src=x onerror=\x11"javascript:alert(195)">
+<img src=x onerror=\x12"javascript:alert(196)">
+<img src=x onerror=\x32"javascript:alert(197)">
+<img src=x onerror=\x00"javascript:alert(198)">
+<a href=javascript:javascript:alert(199)>XXX</a>
+<img src="x` `<script>javascript:alert(200)</script>"` `>
+<img src onerror /" '"= alt=javascript:alert(201)//">
+<title onpropertychange=javascript:alert(202)></title><title title=>
+<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(203)></a>">
+<!--[if]><script>javascript:alert(204)</script -->
+<!--[if<img src=x onerror=javascript:alert(205)//]> -->
<script src="/\%(jscript)s"></script>
<script src="\\%(jscript)s"></script>
-<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
-<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
-<IMG SRC=# onmouseover="alert('xxs')">
-<IMG SRC= onmouseover="alert('xxs')">
-<IMG onmouseover="alert('xxs')">
-<IMG SRC=javascript:alert('XSS')>
-<IMG SRC=javascript:alert('XSS')>
-<IMG SRC=javascript:alert('XSS')>
-<IMG SRC="jav ascript:alert('XSS');">
-<IMG SRC="jav	ascript:alert('XSS');">
-<IMG SRC="jav
ascript:alert('XSS');">
-<IMG SRC="jav
ascript:alert('XSS');">
-perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
-<IMG SRC="  javascript:alert('XSS');">
+<IMG """><SCRIPT>alert("206")</SCRIPT>">
+<IMG SRC=javascript:alert(String.fromCharCode(50,48,55))>
+<IMG SRC=# onmouseover="alert('208')">
+<IMG SRC= onmouseover="alert('209')">
+<IMG onmouseover="alert('210')">
+<IMG SRC=javascript:alert('211')>
+<IMG SRC=javascript:alert('212')>
+<IMG SRC=javascript:alert('213')>
+<IMG SRC="jav ascript:alert('214');">
+<IMG SRC="jav	ascript:alert('215');">
+<IMG SRC="jav
ascript:alert('216');">
+<IMG SRC="jav
ascript:alert('217');">
+perl -e 'print "<IMG SRC=java\0script:alert(\"218\")>";' > out
+<IMG SRC="  javascript:alert('219');">
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
-<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
+<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("220")>
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
-<<SCRIPT>alert("XSS");//<</SCRIPT>
+<<SCRIPT>alert("221");//<</SCRIPT>
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
<SCRIPT SRC=//ha.ckers.org/.j>
-<IMG SRC="javascript:alert('XSS')"
+<IMG SRC="javascript:alert('222')"
<iframe src=http://ha.ckers.org/scriptlet.html <
-\";alert('XSS');//
+\";alert('223');//
<u oncopy=alert()> Copy me</u>
-<i onwheel=alert(1)> Scroll over me </i>
+<i onwheel=alert(224)> Scroll over me </i>
<plaintext>
http://a/%%30%30
-</textarea><script>alert(123)</script>
+</textarea><script>alert(225)</script>
# SQL Injection
#
@@ -572,7 +587,8 @@ http://a/%%30%30
1'; DROP TABLE users-- 1
' OR 1=1 -- 1
' OR '1'='1
-
+'; EXEC sp_MSForEachTable 'DROP TABLE ?'; --
+
%
_
@@ -710,3 +726,17 @@ The quic������k brown fo�����������x... [Beeeep]
Powerلُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ冗
🏳0🌈️
జ్ఞా
+
+# Persian special characters
+#
+# This is a four characters string which includes Persian special characters (گچپژ)
+
+گچپژ
+
+# jinja2 injection
+#
+# first one is supposed to raise "MemoryError" exception
+# second, obviously, prints contents of /etc/passwd
+
+{% print 'x' * 64 * 1024**3 %}
+{{ "".__class__.__mro__[2].__subclasses__()[40]("/etc/passwd").read() }}