Wpis z mikrobloga

# Reserved Strings
#
# Strings which may be used elsewhere in code

undefined
undef
null
NULL
(null)
nil
NIL
true
false
True
False
None
\
\

# Numeric Strings
#
# Strings which can be interpreted as numeric

0
1
1.00
$1.00
1/2
1E2
1E02
1E+02
-1
-1.00
-$1.00
-1/2
-1E2
-1E02
-1E+02
1/0
0/0
-2147483648/-1
-9223372036854775808/-1
0.00
0..0
.
0.0.0
0,00
0,,0
,
0,0,0
0.0/0
1.0/0.0
0.0/0.0
1,0/0,0
0,0/0,0
--1
-
-.
-,
999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
NaN
Infinity
-Infinity
0x0
0xffffffff
0xffffffffffffffff
0xabad1dea
123456789012345678901234567890123456789
1,000.00
1 000.00
1'000.00
1,000,000.00
1 000 000.00
1'000'000.00
1.000,00
1 000,00
1'000,00
1.000.000,00
1 000 000,00
1'000'000,00
01000
08
09
2.2250738585072011e-308

# Special Characters
#
# Strings which contain common special ASCII characters (may need to be escaped)

,./;'[]\-=
<>?:"{}|_+



# Unicode Symbols
#
# Strings which contain common unicode symbols (e.g. smart quotes)

Ω≈ç√∫˜µ≤≥÷
åß∂ƒ©˙∆˚¬…æ
œ∑´®†¥¨ˆøπ“‘
¡™£¢∞§¶•ªº–≠
¸˛Ç◊ı˜Â¯˘¿
ÅÍÎÏ˝ÓÔÒÚÆ☃
Œ„´‰ˇÁ¨ˆØ∏”’
⁄€‹›fifl‡°·‚—±
⅛⅜⅝⅞
ЁЂЃЄЅІЇЈЉЊЋЌЍЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя
٠١٢٣٤٥٦٧٨٩

# Unicode Subscript/Superscript
#
# Strings which contain unicode subscripts/superscripts; can cause rendering issues

⁰⁴⁵
₀₁₂
⁰⁴⁵₀₁₂

# Quotation Marks
#
# Strings which contain misplaced quotation marks; can cause encoding errors

'
"
''
""
'"'
"''''"'"
"'"'"''''"

# Two-Byte Characters
#
# Strings which contain two-byte characters: can cause rendering issues or character-length issues

田中さんにあげて下さい
パーティーへ行かないか
和製漢語
部落格
사회과학원 어학연구소
찦차를 타고 온 펲시맨과 쑛다리 똠방각하
社會科學院語學研究所
울란바토르

# Japanese Emoticons
#
# Strings which consists of Japanese-style emoticons which are popular on the web

ヽ༼ຈل͜ຈ༽ﾉ ヽ༼ຈل͜ຈ༽ﾉ
(｡◕ ∀ ◕｡)
｀ｨ(´∀｀∩
_ﾛ(,,*)
・(￣∀￣)・:*:
ﾟ･✿ヾ╲(｡◕‿◕｡)╱✿･ﾟ
,。・:*:・゜’( ☻ ω ☻ )。・:*:・゜’
(╯°□°）╯︵ ┻━┻)
(ﾉಥ益ಥ）ﾉ ┻━┻
( ͡° ͜ʖ ͡°)

# Emoji
#
# Strings which contain Emoji; should be the same behavior as two-byte characters, but not always



❤️
✋

0️⃣ 1️⃣ 2️⃣ 3️⃣ 4️⃣ 5️⃣ 6️⃣ 7️⃣ 8️⃣ 9️⃣

# Unicode Numbers
#
# Strings which contain unicode numbers; if the code is localized, it should see the input as numeric

１２３
١٢٣

# Right-To-Left Strings
#
# Strings which contain text that should be rendered RTL if possible (e.g. Arabic, Hebrew)

ثم نفس سقطت وبالتحديد،, جزيرتي باستخدام أن دنو. إذ هنا؟ الستار وتنصيب كان. أهّل ايطاليا، بريطانيا-فرنسا قد أخذ. سليمان، إتفاقية بين ما, يذكر الحدود أي بعد, معاملة بولندا، الإطلاق عل إيو.
בְּרֵאשִׁית, בָּרָא אֱלֹהִים, אֵת הַשָּׁמַיִם, וְאֵת הָאָרֶץ
הָיְתָהtestالصفحات التّحول
﷽
ﷺ

# Unicode Spaces
#
# Strings which contain unicode space characters with special properties (c.f. https://www.cs.tut.fi/~jkorpela/chars/spaces.html)


᠎


␣
␢
␡

# Trick Unicode
#
# Strings which contain unicode with unusual properties (e.g. Right-to-left override) (c.f. http://www.unicode.org/charts/PDF/U2000.pdf)

test
test
test
testtest
⁦test⁧

# Zalgo Text
#
# Strings which contain "corrupted" text. The corruption will not appear in non-HTML text, however. (via http://www.eeemo.net)

Ṱ̺̺̕o͞ ̷i̲̬͇̪͙n̝̗͕v̟̜̘̦͟o̶̙̰̠kè͚̮̺̪̹̱̤ ̖t̝͕̳̣̻̪͞h̼͓̲̦̳̘̲e͇̣̰̦̬͎ ̢̼̻̱̘h͚͎͙̜̣̲ͅi̦̲̣̰̤v̻͍e̺̭̳̪̰-m̢iͅn̖̺̞̲̯̰d̵̼̟͙̩̼̘̳ ̞̥̱̳̭r̛̗̘e͙p͠r̼̞̻̭̗e̺̠̣͟s̘͇̳͍̝͉e͉̥̯̞̲͚̬͜ǹ̬͎͎̟̖͇̤t͍̬̤͓̼̭͘ͅi̪̱n͠g̴͉ ͏͉ͅc̬̟h͡a̫̻̯͘o̫̟̖͍̙̝͉s̗̦̲.̨̹͈̣
̡͓̞ͅI̗̘̦͝n͇͇͙v̮̫ok̲̫̙͈i̖͙̭̹̠̞n̡̻̮̣̺g̲͈͙̭͙̬͎ ̰t͔̦h̞̲e̢̤ ͍̬̲͖f̴̘͕̣è͖ẹ̥̩l͖͔͚i͓͚̦͠n͖͍̗͓̳̮g͍ ̨o͚̪͡f̘̣̬ ̖̘͖̟͙̮c҉͔̫͖͓͇͖ͅh̵̤̣͚͔á̗̼͕ͅo̼̣̥s̱͈̺̖̦̻͢.̛̖̞̠̫̰
̗̺͖̹̯͓Ṯ̤͍̥͇͈h̲́e͏͓̼̗̙̼̣͔ ͇̜̱̠͓͍ͅN͕͠e̗̱z̘̝̜̺͙p̤̺̹͍̯͚e̠̻̠͜r̨̤͍̺̖͔̖̖d̠̟̭̬̝͟i̦͖̩͓͔̤a̠̗̬͉̙n͚͜ ̻̞̰͚ͅh̵͉i̳̞v̢͇ḙ͎͟-҉̭̩̼͔m̤̭̫i͕͇̝̦n̗͙ḍ̟ ̯̲͕͞ǫ̟̯̰̲͙̻̝f ̪̰̰̗̖̭̘͘c̦͍̲̞͍̩̙ḥ͚a̮͎̟̙͜ơ̩̹͎s̤.̝̝ ҉Z̡̖̜͖̰̣͉̜a͖̰͙̬͡l̲̫̳͍̩g̡̟̼̱͚̞̬ͅo̗͜.̟
̦H̬̤̗̤͝e͜ ̜̥̝̻͍̟́w̕h̖̯͓o̝͙̖͎̱̮ ҉̺̙̞̟͈W̷̼̭a̺̪͍į͈͕̭͙̯̜t̶̼̮s̘͙͖̕ ̠̫̠B̻͍͙͉̳ͅe̵h̵̬͇̫͙i̹͓̳̳̮͎̫̕n͟d̴̪̜̖ ̰͉̩͇͙̲͞ͅT͖̼͓̪͢h͏͓̮̻e̬̝̟ͅ ̤̹̝W͙̞̝͔͇͝ͅa͏͓͔̹̼̣l̴͔̰̤̟͔ḽ̫.͕
Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮

# Unicode Upsidedown
#
# Strings which contain unicode with an "upsidedown" effect (via http://www.upsidedowntext.com)

˙ɐnbᴉlɐ ɐuƃɐɯ ǝɹolop ʇǝ ǝɹoqɐl ʇn ʇunpᴉpᴉɔuᴉ ɹodɯǝʇ poɯsnᴉǝ op pǝs 'ʇᴉlǝ ƃuᴉɔsᴉdᴉpɐ ɹnʇǝʇɔǝsuoɔ 'ʇǝɯɐ ʇᴉs ɹolop ɯnsdᴉ ɯǝɹo˥
00˙Ɩ$-

# Unicode font
#
# Strings which contain bold/italic/etc. versions of normal characters

Ｔｈｅ ｑｕｉｃｋ ｂｒｏｗｎ ｆｏｘ ｊｕｍｐｓ ｏｖｅｒ ｔｈｅ ｌａｚｙ ｄｏｇ






⒯⒣⒠ ⒬⒰⒤⒞⒦ ⒝⒭⒪⒲⒩ ⒡⒪⒳ ⒥⒰⒨⒫⒮ ⒪⒱⒠⒭ ⒯⒣⒠ ⒧⒜⒵⒴ ⒟⒪⒢

# Script Injection
#
# Strings which attempt to invoke a benign script injection; shows vulnerability to XSS

alert(123)
alert('123');

Pokaż spoiler

123<1>alert(123)
">alert(123)
'>alert(123)

alert(123)

alert(123)
< / script >< script >alert(123)< / script >
onfocus=JaVaSCript:alert(123) autofocus
" onfocus=JaVaSCript:alert(123) autofocus
' onfocus=JaVaSCript:alert(123) autofocus
＜script＞alert(123)＜/script＞
ript>alert(123)ript>
-->alert(123)
";alert(123);t="
';alert(123);t='
JavaSCript:alert(123)
;alert(123);
src=JaVaSCript:prompt(132)
">alert(123);</script x="
'><script>alert(123);</script x='

<script>alert(123);</script x=

" autofocus onkeyup="javascript:alert(123)
' autofocus onkeyup='javascript:alert(123)
<script\x20type="text/javascript">javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
javascript:alert(1);
'"><\x3Cscript>javascript:alert(1)
'"><\x00script>javascript:alert(1)
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
ABCDEF
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
test
"'>![](xxx:x)
"'>
"'>![](xxx:x)
"'>
"'>![](xxx:x)
"'>
"'>![](xxx:x)
"'>
"'>![](xxx:x)
"'>
"'>\x3Bjavascript:alert(1)
"'>\x0Djavascript:alert(1)
"'>\xEF\xBB\xBFjavascript:alert(1)
"'>\xE2\x80\x81javascript:alert(1)
"'>\xE2\x80\x84javascript:alert(1)
"'>\xE3\x80\x80javascript:alert(1)
"'>\x09javascript:alert(1)
"'>\xE2\x80\x89javascript:alert(1)
"'>\xE2\x80\x85javascript:alert(1)
"'>\xE2\x80\x88javascript:alert(1)
"'>\x00javascript:alert(1)
"'>\xE2\x80\xA8javascript:alert(1)
"'>\xE2\x80\x8Ajavascript:alert(1)
"'>\xE1\x9A\x80javascript:alert(1)
"'>\x0Cjavascript:alert(1)
"'>\x2Bjavascript:alert(1)
"'>\xF0\x90\x96\x9Ajavascript:alert(1)
"'>-javascript:alert(1)
"'>\x0Ajavascript:alert(1)
"'>\xE2\x80\xAFjavascript:alert(1)
"'>\x7Ejavascript:alert(1)
"'>\xE2\x80\x87javascript:alert(1)
"'>\xE2\x81\x9Fjavascript:alert(1)
"'>\xE2\x80\xA9javascript:alert(1)
"'>\xC2\x85javascript:alert(1)
"'>\xEF\xBF\xAEjavascript:alert(1)
"'>\xE2\x80\x83javascript:alert(1)
"'>\xE2\x80\x8Bjavascript:alert(1)
"'>\xEF\xBF\xBEjavascript:alert(1)
"'>\xE2\x80\x80javascript:alert(1)
"'>\x21javascript:alert(1)
"'>\xE2\x80\x82javascript:alert(1)
"'>\xE2\x80\x86javascript:alert(1)
"'>\xE1\xA0\x8Ejavascript:alert(1)
"'>\x0Bjavascript:alert(1)
"'>\x20javascript:alert(1)
"'>\xC2\xA0javascript:alert(1)
![]()
[]()
[]()
[]()

![]()
[]()
[]()
[]()
[]()
[]()
[]()
[]()
[]()
[]()
[]()
[]()
[](x\x09onerror="javascript:alert(1)")
[](x\x10onerror="javascript:alert(1)")
[](x\x11onerror="javascript:alert(1)")
[](x\x12onerror="javascript:alert(1)")
[](x\x13onerror="javascript:alert(1)")

![](x)
[](x)
[](x)
[](x)
[](x)
[](x)
XXX
:ğ-Ş:script>javascript:alert(1):ğ-Ş:/script>)
[]()">spoiler

>:ğ-Ş:img src=x:x onerror=javascript:alert(1)>:ğ-Ş:/a>]()">spoiler

Pokaż spoiler

ascript:alert('XSS');)

Pokaż spoiler

perl -e 'print "![](java\0script:alert(\"XSS\"))";' > out

Pokaż spoiler

<alert("XSS");//<