Reserved Strings
Strings which may be used elsewhere in code
undefined
undef
null
NULL
(null)
nil
NIL
true
false
True
False
TRUE
FALSE
None
hasOwnProperty
\
Numeric Strings
Strings which can be interpreted as numeric
0 1 1.00 $1.00 1/2 1E2 1E02 1E+02 -1 -1.00 -$1.00 -1/2 -1E2 -1E02 -1E+02 1/0 0/0 -2147483648/-1 -9223372036854775808/-1 -0 -0.0 +0 +0.0 0.00 0..0 . 0.0.0 0,00 0,,0 , 0,0,0 0.0/0 1.0/0.0 0.0/0.0 1,0/0,0 0,0/0,0 --1
-. -, 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999 NaN Infinity -Infinity INF 1#INF -1#IND 1#QNAN 1#SNAN 1#IND 0x0 0xffffffff 0xffffffffffffffff 0xabad1dea 123456789012345678901234567890123456789 1,000.00 1 000.00 1'000.00 1,000,000.00 1 000 000.00 1'000'000.00 1.000,00 1 000,00 1'000,00 1.000.000,00 1 000 000,00 1'000'000,00 01000 08 09 2.2250738585072011e-308
Special Characters
ASCII punctuation. All of these characters may need to be escaped in some
contexts. Divided into three groups based on (US-layout) keyboard position.
,./;'[]-= <>?:"{}|_+ !@#$%^&*()`~
Non-whitespace C0 controls: U+0001 through U+0008, U+000E through U+001F,
and U+007F (DEL)
Often forbidden to appear in various text-based file formats (e.g. XML),
or reused for internal delimiters on the theory that they should never
appear in input.
The next line may appear to be blank or mojibake in some viewers.
���������������������������
Non-whitespace C1 controls: U+0080 through U+0084 and U+0086 through U+009F.
Commonly misinterpreted as additional graphic characters.
The next line may appear to be blank, mojibake, or dingbats in some viewers.
�������������������������������
Whitespace: all of the characters with category Zs, Zl, or Zp (in Unicode
version 8.0.0), plus U+0009 (HT), U+000B (VT), U+000C (FF), U+0085 (NEL),
and U+200B (ZERO WIDTH SPACE), which are in the C categories but are often
treated as whitespace in some contexts.
This file unfortunately cannot express strings containing
U+0000, U+000A, or U+000D (NUL, LF, CR).
The next line may appear to be blank or mojibake in some viewers.
The next line may be flagged for "trailing whitespace" in some viewers.
� �
Unicode additional control characters: all of the characters with
general category Cf (in Unicode 8.0.0).
The next line may appear to be blank or mojibake in some viewers.
"Byte order marks", U+FEFF and U+FFFE, each on its own line.
The next two lines may appear to be blank or mojibake in some viewers.
�
Unicode Symbols
Strings which contain common unicode symbols (e.g. smart quotes)
Ω≈ç√∫˜µ≤≥÷ åß∂ƒ©˙∆˚¬…æ œ∑´®†¥¨ˆøπ“‘ ¡™£¢∞§¶•ªº–≠ ¸˛Ç◊ı˜Â¯˘¿ ÅÍÎÏ˝ÓÔÒÚÆ☃ Œ„´‰ˇÁ¨ˆØ∏”’ `⁄€‹›fifl‡°·‚—± ⅛⅜⅝⅞ ЁЂЃЄЅІЇЈЉЊЋЌЍЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя ٠١٢٣٤٥٦٧٨٩
Unicode Subscript/Superscript/Accents
Strings which contain unicode subscripts/superscripts; can cause rendering issues
⁰⁴⁵ ₀₁₂ ⁰⁴⁵₀₁₂ ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็ ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็ ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็
Quotation Marks
Strings which contain misplaced quotation marks; can cause encoding errors
' " '' "" '"' "''''"'" "'"'"''''" <foo val=`bar' />
Two-Byte Characters
Strings which contain two-byte characters: can cause rendering issues or character-length issues
田中さんにあげて下さい パーティーへ行かないか 和製漢語 部落格 사회과학원 어학연구소 찦차를 타고 온 펲시맨과 쑛다리 똠방각하 社會科學院語學研究所 울란바토르 𠜎𠜱𠝹𠱓𠱸𠲖𠳏
Changing length when lowercased
Characters which increase in length (2 to 3 bytes) when lowercased
Credit: https://twitter.com/jifa/status/625776454479970304
Ⱥ Ⱦ
Japanese Emoticons
Strings which consist of Japanese-style emoticons which are popular on the web
ヽ༼ຈل͜ຈ༽ノ ヽ༼ຈل͜ຈ༽ノ (。◕ ∀ ◕。) `ィ(´∀`∩ __ロ(,,) ・( ̄∀ ̄)・:: ゚・✿ヾ╲(。◕‿◕。)╱✿・゚ ,。・::・゜’( ☻ ω ☻ )。・::・゜’ (╯°□°)╯︵ ┻━┻) (ノಥ益ಥ)ノ ┻━┻ ┬─┬ノ( º _ ºノ) ( ͡° ͜ʖ ͡°) ¯_(ツ)/¯
Emoji
Strings which contain Emoji; should be the same behavior as two-byte characters, but not always
😍 👩🏽 👾 🙇 💁 🙅 🙆 🙋 🙎 🙍 🐵 🙈 🙉 🙊 ❤️ 💔 💌 💕 💞 💓 💗 💖 💘 💝 💟 💜 💛 💚 💙 ✋🏿 💪🏿 👐🏿 🙌🏿 👏🏿 🙏🏿 🚾 🆒 🆓 🆕 🆖 🆗 🆙 🏧 0️⃣ 1️⃣ 2️⃣ 3️⃣ 4️⃣ 5️⃣ 6️⃣ 7️⃣ 8️⃣ 9️⃣ 🔟
Regional Indicator Symbols
Regional Indicator Symbols can be displayed differently across
fonts, and have a number of special behaviors
🇺🇸🇷🇺🇸 🇦🇫🇦🇲🇸 🇺🇸🇷🇺🇸🇦🇫🇦🇲 🇺🇸🇷🇺🇸🇦
Unicode Numbers
Strings which contain unicode numbers; if the code is localized, it should see the input as numeric
123 ١٢٣
Right-To-Left Strings
Strings which contain text that should be rendered RTL if possible (e.g. Arabic, Hebrew)
ثم نفس سقطت وبالتحديد،, جزيرتي باستخدام أن دنو. إذ هنا؟ الستار وتنصيب كان. أهّل ايطاليا، بريطانيا-فرنسا قد أخذ. سليمان، إتفاقية بين ما, يذكر الحدود أي بعد, معاملة بولندا، الإطلاق عل إيو. בְּרֵאשִׁית, בָּרָא אֱלֹהִים, אֵת הַשָּׁמַיִם, וְאֵת הָאָרֶץ הָיְתָהtestالصفحات التّحول ﷽ ﷺ مُنَاقَشَةُ سُبُلِ اِسْتِخْدَامِ اللُّغَةِ فِي النُّظُمِ الْقَائِمَةِ وَفِيم يَخُصَّ التَّطْبِيقَاتُ الْحاسُوبِيَّةُ،
Trick Unicode
Strings which contain unicode with unusual properties (e.g. Right-to-left override) (c.f. http://www.unicode.org/charts/PDF/U2000.pdf)
test test test testtest test
Zalgo Text
Strings which contain "corrupted" text. The corruption will not appear in non-HTML text, however. (via http://www.eeemo.net)
Ṱ̺̺̕o͞ ̷i̲̬͇̪͙n̝̗͕v̟̜̘̦͟o̶̙̰̠kè͚̮̺̪̹̱̤ ̖t̝͕̳̣̻̪͞h̼͓̲̦̳̘̲e͇̣̰̦̬͎ ̢̼̻̱̘h͚͎͙̜̣̲ͅi̦̲̣̰̤v̻͍e̺̭̳̪̰-m̢iͅn̖̺̞̲̯̰d̵̼̟͙̩̼̘̳ ̞̥̱̳̭r̛̗̘e͙p͠r̼̞̻̭̗e̺̠̣͟s̘͇̳͍̝͉e͉̥̯̞̲͚̬͜ǹ̬͎͎̟̖͇̤t͍̬̤͓̼̭͘ͅi̪̱n͠g̴͉ ͏͉ͅc̬̟h͡a̫̻̯͘o̫̟̖͍̙̝͉s̗̦̲.̨̹͈̣ ̡͓̞ͅI̗̘̦͝n͇͇͙v̮̫ok̲̫̙͈i̖͙̭̹̠̞n̡̻̮̣̺g̲͈͙̭͙̬͎ ̰t͔̦h̞̲e̢̤ ͍̬̲͖f̴̘͕̣è͖ẹ̥̩l͖͔͚i͓͚̦͠n͖͍̗͓̳̮g͍ ̨o͚̪͡f̘̣̬ ̖̘͖̟͙̮c҉͔̫͖͓͇͖ͅh̵̤̣͚͔á̗̼͕ͅo̼̣̥s̱͈̺̖̦̻͢.̛̖̞̠̫̰ ̗̺͖̹̯͓Ṯ̤͍̥͇͈h̲́e͏͓̼̗̙̼̣͔ ͇̜̱̠͓͍ͅN͕͠e̗̱z̘̝̜̺͙p̤̺̹͍̯͚e̠̻̠͜r̨̤͍̺̖͔̖̖d̠̟̭̬̝͟i̦͖̩͓͔̤a̠̗̬͉̙n͚͜ ̻̞̰͚ͅh̵͉i̳̞v̢͇ḙ͎͟-҉̭̩̼͔m̤̭̫i͕͇̝̦n̗͙ḍ̟ ̯̲͕͞ǫ̟̯̰̲͙̻̝f ̪̰̰̗̖̭̘͘c̦͍̲̞͍̩̙ḥ͚a̮͎̟̙͜ơ̩̹͎s̤.̝̝ ҉Z̡̖̜͖̰̣͉̜a͖̰͙̬͡l̲̫̳͍̩g̡̟̼̱͚̞̬ͅo̗͜.̟ ̦H̬̤̗̤͝e͜ ̜̥̝̻͍̟́w̕h̖̯͓o̝͙̖͎̱̮ ҉̺̙̞̟͈W̷̼̭a̺̪͍į͈͕̭͙̯̜t̶̼̮s̘͙͖̕ ̠̫̠B̻͍͙͉̳ͅe̵h̵̬͇̫͙i̹͓̳̳̮͎̫̕n͟d̴̪̜̖ ̰͉̩͇͙̲͞ͅT͖̼͓̪͢h͏͓̮̻e̬̝̟ͅ ̤̹̝W͙̞̝͔͇͝ͅa͏͓͔̹̼̣l̴͔̰̤̟͔ḽ̫.͕ Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮
Unicode Upsidedown
Strings which contain unicode with an "upsidedown" effect (via http://www.upsidedowntext.com)
˙ɐnbᴉlɐ ɐuƃɐɯ ǝɹolop ʇǝ ǝɹoqɐl ʇn ʇunpᴉpᴉɔuᴉ ɹodɯǝʇ poɯsnᴉǝ op pǝs 'ʇᴉlǝ ƃuᴉɔsᴉdᴉpɐ ɹnʇǝʇɔǝsuoɔ 'ʇǝɯɐ ʇᴉs ɹolop ɯnsdᴉ ɯǝɹo˥ 00˙Ɩ$-
Unicode font
Strings which contain bold/italic/etc. versions of normal characters
The quick brown fox jumps over the lazy dog 𝐓𝐡𝐞 𝐪𝐮𝐢𝐜𝐤 𝐛𝐫𝐨𝐰𝐧 𝐟𝐨𝐱 𝐣𝐮𝐦𝐩𝐬 𝐨𝐯𝐞𝐫 𝐭𝐡𝐞 𝐥𝐚𝐳𝐲 𝐝𝐨𝐠 𝕿𝖍𝖊 𝖖𝖚𝖎𝖈𝖐 𝖇𝖗𝖔𝖜𝖓 𝖋𝖔𝖝 𝖏𝖚𝖒𝖕𝖘 𝖔𝖛𝖊𝖗 𝖙𝖍𝖊 𝖑𝖆𝖟𝖞 𝖉𝖔𝖌 𝑻𝒉𝒆 𝒒𝒖𝒊𝒄𝒌 𝒃𝒓𝒐𝒘𝒏 𝒇𝒐𝒙 𝒋𝒖𝒎𝒑𝒔 𝒐𝒗𝒆𝒓 𝒕𝒉𝒆 𝒍𝒂𝒛𝒚 𝒅𝒐𝒈 𝓣𝓱𝓮 𝓺𝓾𝓲𝓬𝓴 𝓫𝓻𝓸𝔀𝓷 𝓯𝓸𝔁 𝓳𝓾𝓶𝓹𝓼 𝓸𝓿𝓮𝓻 𝓽𝓱𝓮 𝓵𝓪𝔃𝔂 𝓭𝓸𝓰 𝕋𝕙𝕖 𝕢𝕦𝕚𝕔𝕜 𝕓𝕣𝕠𝕨𝕟 𝕗𝕠𝕩 𝕛𝕦𝕞𝕡𝕤 𝕠𝕧𝕖𝕣 𝕥𝕙𝕖 𝕝𝕒𝕫𝕪 𝕕𝕠𝕘 𝚃𝚑𝚎 𝚚𝚞𝚒𝚌𝚔 𝚋𝚛𝚘𝚠𝚗 𝚏𝚘𝚡 𝚓𝚞𝚖𝚙𝚜 𝚘𝚟𝚎𝚛 𝚝𝚑𝚎 𝚕𝚊𝚣𝚢 𝚍𝚘𝚐 ⒯⒣⒠ ⒬⒰⒤⒞⒦ ⒝⒭⒪⒲⒩ ⒡⒪⒳ ⒥⒰⒨⒫⒮ ⒪⒱⒠⒭ ⒯⒣⒠ ⒧⒜⒵⒴ ⒟⒪⒢
Script Injection
Strings which attempt to invoke a benign script injection; shows vulnerability to XSS
<script>alert(123)</script>
<script>alert('123');</script> <script>123<1>alert(123)</script> "><script>alert(123)</script> '><script>alert(123)</script>
<script>alert(123)</script>
</script><script>alert(123)</script> < / script >< script >alert(123)< / script > onfocus=JaVaSCript:alert(123) autofocus " onfocus=JaVaSCript:alert(123) autofocus ' onfocus=JaVaSCript:alert(123) autofocus <script>alert(123)</script> <sc<script>ript>alert(123)</sc</script>ript> --><script>alert(123)</script> ";alert(123);t=" ';alert(123);t=' JavaSCript:alert(123) ;alert(123); src=JaVaSCript:prompt(132) "><script>alert(123);</script x=" '><script>alert(123);</script x='
<script>alert(123);</script x=
" autofocus onkeyup="javascript:alert(123)
' autofocus onkeyup='javascript:alert(123)
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'"><\x3Cscript>javascript:alert(1)</script> '
"><\x00script>javascript:alert(1)</script>
ABC
"'><img src=xxx:x \x0Aonerror=javascript:alert(1)>
"'><img src=xxx:x \x22onerror=javascript:alert(1)>
"'><img src=xxx:x \x0Bonerror=javascript:alert(1)>
"'><img src=xxx:x \x0Donerror=javascript:alert(1)>
"'><img src=xxx:x \x2Fonerror=javascript:alert(1)>
"'><img src=xxx:x \x09onerror=javascript:alert(1)>
"'><img src=xxx:x \x0Conerror=javascript:alert(1)>
"'><img src=xxx:x \x00onerror=javascript:alert(1)>
"'><img src=xxx:x \x27onerror=javascript:alert(1)>
"'><img src=xxx:x \x20onerror=javascript:alert(1)>
"'><script>\x3Bjavascript:alert(1)</script> "
'><script>\x0Djavascript:alert(1)</script>
"'><script>\xEF\xBB\xBFjavascript:alert(1)</script> "
'><script>\xE2\x80\x81javascript:alert(1)</script>
"'><script>\xE2\x80\x84javascript:alert(1)</script> "
'><script>\xE3\x80\x80javascript:alert(1)</script>
"'><script>\x09javascript:alert(1)</script> "
'><script>\xE2\x80\x89javascript:alert(1)</script>
"'><script>\xE2\x80\x85javascript:alert(1)</script> "
'><script>\xE2\x80\x88javascript:alert(1)</script>
"'><script>\x00javascript:alert(1)</script> "
'><script>\xE2\x80\xA8javascript:alert(1)</script>
"'><script>\xE2\x80\x8Ajavascript:alert(1)</script> "
'><script>\xE1\x9A\x80javascript:alert(1)</script>
"'><script>\x0Cjavascript:alert(1)</script> "
'><script>\x2Bjavascript:alert(1)</script>
"'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> "
'><script>-javascript:alert(1)</script>
"'><script>\x0Ajavascript:alert(1)</script> "
'><script>\xE2\x80\xAFjavascript:alert(1)</script>
"'><script>\x7Ejavascript:alert(1)</script> "
'><script>\xE2\x80\x87javascript:alert(1)</script>
"'><script>\xE2\x81\x9Fjavascript:alert(1)</script> "
'><script>\xE2\x80\xA9javascript:alert(1)</script>
"'><script>\xC2\x85javascript:alert(1)</script> "
'><script>\xEF\xBF\xAEjavascript:alert(1)</script>
"'><script>\xE2\x80\x83javascript:alert(1)</script> "
'><script>\xE2\x80\x8Bjavascript:alert(1)</script>
"'><script>\xEF\xBF\xBEjavascript:alert(1)</script> "
'><script>\xE2\x80\x80javascript:alert(1)</script>
"'><script>\x21javascript:alert(1)</script> "
'><script>\xE2\x80\x82javascript:alert(1)</script>
"'><script>\xE2\x80\x86javascript:alert(1)</script> "
'><script>\xE1\xA0\x8Ejavascript:alert(1)</script>
"'><script>\x0Bjavascript:alert(1)</script> "
'><script>\x20javascript:alert(1)</script>
"'><script>\xC2\xA0javascript:alert(1)</script> <img \x00src=x onerror="alert(1)"> <img \x47src=x onerror="javascript:alert(1)"> <img \x11src=x onerror="javascript:alert(1)"> <img \x12src=x onerror="javascript:alert(1)"> <img\x47src=x onerror="javascript:alert(1)"> <img\x10src=x onerror="javascript:alert(1)"> <img\x13src=x onerror="javascript:alert(1)"> <img\x32src=x onerror="javascript:alert(1)"> <img\x47src=x onerror="javascript:alert(1)"> <img\x11src=x onerror="javascript:alert(1)"> <img \x47src=x onerror="javascript:alert(1)"> <img \x34src=x onerror="javascript:alert(1)"> <img \x39src=x onerror="javascript:alert(1)"> <img \x00src=x onerror="javascript:alert(1)"> <img src\x09=x onerror="javascript:alert(1)"> <img src\x10=x onerror="javascript:alert(1)"> <img src\x13=x onerror="javascript:alert(1)"> <img src\x32=x onerror="javascript:alert(1)"> <img src\x12=x onerror="javascript:alert(1)"> <img src\x11=x onerror="javascript:alert(1)"> <img src\x00=x onerror="javascript:alert(1)"> <img src\x47=x onerror="javascript:alert(1)"> <img src=x\x09onerror="javascript:alert(1)"> <img src=x\x10onerror="javascript:alert(1)"> <img src=x\x11onerror="javascript:alert(1)"> <img src=x\x12onerror="javascript:alert(1)"> <img src=x\x13onerror="javascript:alert(1)"> <img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> <img src=x onerror=\x09"javascript:alert(1)"> <img src=x onerror=\x10"javascript:alert(1)"> <img src=x onerror=\x11"javascript:alert(1)"> <img src=x onerror=\x12"javascript:alert(1)"> <img src=x onerror=\x32"javascript:alert(1)"> <img src=x onerror=\x00"javascript:alert(1)"> <a href=javascript:javascript:alert(1)>XXX</a> <img src="x
<script>javascript:alert(1)</script>"
`>
<img src onerror /" '"= alt=javascript:alert(1)//">
<title onpropertychange=javascript:alert(1)></title><title title=>
<script src="/\%(jscript)s"></script>
<script src="\\%(jscript)s"></script>
<SCRIPT>alert("XSS")</SCRIPT>">
perl -e 'print "";' > out