From 214ac9c88090343d57aa5b2b21f56bc8b7ab00d8 Mon Sep 17 00:00:00 2001
From: Mark Probst <mark.probst@gmail.com>
Date: Sat, 9 Sep 2017 08:59:57 -0700
Subject: [PATCH 1/7] Don't allow format characters in C# identifiers

They are technically allowed, but some of them are
non-breaking spaces which the C# compiler considers
equivalent (maybe even ignores?), but which our string
comparison doesn't consider equal, so we'll end up with
different C# properties that are duplicates to the C#
compiler.
---
 src/Language/CSharp.purs | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/Language/CSharp.purs b/src/Language/CSharp.purs
index 55867e36..cd981023 100644
--- a/src/Language/CSharp.purs
+++ b/src/Language/CSharp.purs
@@ -67,7 +67,6 @@ isPartCharacter c =
     Just ConnectorPunctuation -> true
     Just NonSpacingMark -> true
     Just SpacingCombiningMark -> true
-    Just Format -> true
     _ -> isStartCharacter c
 
 renderNullableToCSharp :: IRType -> Doc String

From bd4d648fc33e0ddf710abdd3a8f8bf0824b403d6 Mon Sep 17 00:00:00 2001
From: Mark Probst <mark.probst@gmail.com>
Date: Sat, 9 Sep 2017 09:00:27 -0700
Subject: [PATCH 2/7] Generate script can generate object from list of strings

---
 test/generate-json.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/test/generate-json.py b/test/generate-json.py
index a1babcbc..2c7afeda 100755
--- a/test/generate-json.py
+++ b/test/generate-json.py
@@ -2,6 +2,8 @@
 
 import argparse
 import random
+import json
+import sys
 
 with open('/usr/share/dict/words') as f:
     words = f.read().splitlines()
@@ -26,9 +28,18 @@ def main():
     parser.add_argument('--array-elements', nargs=1, type=int, default=[3])
     parser.add_argument('--object-size', nargs=1, type=int, default=None)
     parser.add_argument('--class-count', nargs=1, type=int, default=None)
+    parser.add_argument('--with-string-list', nargs=1, default=None)
     args = parser.parse_args()
 
-    if args.class_count:
+    if args.with_string_list:
+        with open(args.with_string_list[0]) as f:
+            strings = [x[:-1] for x in f.readlines()]
+        obj = {}
+        for s in strings:
+            obj[s] = s
+        obj["dontMakeAMap"] = True
+        json.dump(obj, sys.stdout)
+    elif args.class_count:
         print('{')
         for i in range(args.class_count[0] - 1):
             print('  "class%d":' % i)

From a14e2bfe556053baaeaf70343a51423086cb3fed Mon Sep 17 00:00:00 2001
From: Mark Probst <mark.probst@gmail.com>
Date: Sat, 9 Sep 2017 09:00:57 -0700
Subject: [PATCH 3/7] Report more errors in the test driver

---
 test/test.ts | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/test/test.ts b/test/test.ts
index 685cba31..3851b449 100755
--- a/test/test.ts
+++ b/test/test.ts
@@ -297,6 +297,14 @@ function exec(
     return result;
 }
 
+function callAndReportFailure<T>(message: string, f: () => T): T {
+    try {
+        return f();
+    } catch (e) {
+        failWith(message, { error: e });
+    }
+}
+
 type ComparisonArgs = {
     expectedFile: string;
     jsonFile?: string;
@@ -309,16 +317,17 @@ function compareJsonFileToJson(args: ComparisonArgs) {
 
     let { expectedFile, jsonFile, jsonCommand, strict } = args;
 
-    let jsonString = jsonFile
-        ? fs.readFileSync(jsonFile, "utf8")
-        : exec(jsonCommand).stdout;
+    const jsonString =  jsonFile
+            ? callAndReportFailure("Could not read JSON output file", () => fs.readFileSync(jsonFile, "utf8"))
+            : callAndReportFailure("Could not run command for JSON output", () => exec(jsonCommand).stdout);
 
-    let givenJSON = JSON.parse(jsonString);
-    let expectedJSON = JSON.parse(fs.readFileSync(expectedFile, "utf8"));
+    const givenJSON = callAndReportFailure("Could not parse output JSON", () => JSON.parse(jsonString));
+    const expectedJSON = callAndReportFailure("Could not read or parse expected JSON file",
+        () => JSON.parse(fs.readFileSync(expectedFile, "utf8")));
     
     let jsonAreEqual = strict
-        ? strictDeepEquals(givenJSON, expectedJSON)
-        : deepEquals(expectedJSON, givenJSON);
+        ? callAndReportFailure("Failed to strictly compare objects", () => strictDeepEquals(givenJSON, expectedJSON))
+        : callAndReportFailure("Failed to compare objects.", () => deepEquals(expectedJSON, givenJSON));
 
     if (!jsonAreEqual) {
         failWith("Error: Output is not equivalent to input.", {
@@ -372,7 +381,11 @@ async function runFixtureWithSample(fixture: Fixture, sample: string, index: num
         // Generate code from the sample
         await quicktype({ src: [sampleFile], out: fixture.output, topLevel: fixture.topLevel});
 
-        await fixture.test(sampleFile);
+        try {
+            await fixture.test(sampleFile);            
+        } catch (e) {
+            failWith("Fixture threw an exception", { error: e });
+        }
 
         if (fixture.diffViaSchema) {
             debug("* Diffing with code generated via JSON Schema");

From 83a388462b4445e256bf8f2dc2595368f4b0b901 Mon Sep 17 00:00:00 2001
From: Mark Probst <mark.probst@gmail.com>
Date: Sat, 9 Sep 2017 09:02:18 -0700
Subject: [PATCH 4/7] Don't call `hasOwnProperty` in `deepEquals`

The object in question might have a property called
`hasOwnProperty`, which is naughty but shouldn't crash
us.
---
 test/lib/deepEquals.ts | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/test/lib/deepEquals.ts b/test/lib/deepEquals.ts
index 0893e789..ccd10ea7 100644
--- a/test/lib/deepEquals.ts
+++ b/test/lib/deepEquals.ts
@@ -9,9 +9,6 @@ declare module Math {
 
 // https://stackoverflow.com/questions/1068834/object-comparison-in-javascript
 export default function deepEquals(x: any, y: any, path: string[] = []): boolean {
-    var i;
-    var p;
-
     // remember that NaN === NaN returns false
     // and isNaN(undefined) returns true
     if (typeof x === 'number' && typeof y === 'number') {
@@ -60,8 +57,8 @@ export default function deepEquals(x: any, y: any, path: string[] = []): boolean
             console.error(`Arrays don't have the same length at path ${pathToString(path)}.`);
             return false;
         }
-        for (i = 0; i < x.length; i++) {
-            path.push(i)
+        for (let i = 0; i < x.length; i++) {
+            path.push(i.toString());
             if (!deepEquals(x[i], y[i], path))
                 return false;
             path.pop();
@@ -69,10 +66,15 @@ export default function deepEquals(x: any, y: any, path: string[] = []): boolean
         return true;
     }
 
-    for (p in y) {
+    // FIXMEL The way we're looking up properties with `indexOf` makes this
+    // quadratic.  So far no problem, so meh.
+    const xKeys = Object.keys(x);
+    const yKeys = Object.keys(y);
+
+    for (const p of yKeys) {
         // We allow properties in y that aren't present in x
         // so long as they're null.
-        if (y.hasOwnProperty(p) && !x.hasOwnProperty(p)) {
+        if (xKeys.indexOf(p) < 0) {
             if (y[p] !== null) {
                 console.error(`Non-null property ${p} is not expected at path ${pathToString(path)}.`);
                 return false;
@@ -85,8 +87,8 @@ export default function deepEquals(x: any, y: any, path: string[] = []): boolean
         }
     }
     
-    for (p in x) {
-        if (x.hasOwnProperty(p) && !y.hasOwnProperty(p)) {
+    for (const p of xKeys) {
+        if (yKeys.indexOf(p) < 0) {
             console.error(`Expected property ${p} not found at path ${pathToString(path)}.`);
             return false;
         }

From 3edf709ee468b5f6f398c335aff9fddd23f42dc8 Mon Sep 17 00:00:00 2001
From: Mark Probst <mark.probst@gmail.com>
Date: Sat, 9 Sep 2017 09:57:39 -0700
Subject: [PATCH 5/7] true and false are reserved in Java, too

---
 src/Language/Java.purs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Language/Java.purs b/src/Language/Java.purs
index 8bd65e2d..a2301b21 100644
--- a/src/Language/Java.purs
+++ b/src/Language/Java.purs
@@ -29,7 +29,7 @@ forbiddenNames =
     , "char", "final", "interface", "static", "void"
     , "class", "finally", "long", "strictfp", "volatile"
     , "const", "float", "native", "super", "while"
-    , "null"
+    , "null", "false", "true"
     ]
 
 renderer :: Renderer

From 1027720a3f96e616de910d0cf8bb2e289625a758 Mon Sep 17 00:00:00 2001
From: Mark Probst <mark.probst@gmail.com>
Date: Sat, 9 Sep 2017 09:58:50 -0700
Subject: [PATCH 6/7] Only allow ASCII in Java identifiers

Java's unicode properties don't seem to match up with the
official definition, so we'd have to implement our own
implementation of them, which we might do later.
---
 src/Language/Java.purs | 21 ++++++---------------
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/src/Language/Java.purs b/src/Language/Java.purs
index a2301b21..193bc882 100644
--- a/src/Language/Java.purs
+++ b/src/Language/Java.purs
@@ -2,16 +2,16 @@ module Language.Java
     ( renderer
     ) where
 
-import Doc (Doc, Renderer, blank, combineNames, forEachProperty_, forEachTopLevel_, getForSingleOrMultipleTopLevels, getTypeNameForUnion, indent, line, lookupClassName, lookupUnionName, noForbidNamer, renderRenderItems, simpleNamer, transformPropertyNames, unionIsNotSimpleNullable, unionNameIntercalated)
-import IRGraph (IRClassData(..), IRType(..), IRUnionRep, forUnion_, isUnionMember, nullableFromUnion, removeNullFromUnion, unionHasArray, unionHasClass, unionHasMap)
 import Prelude
 
-import Data.Char.Unicode (GeneralCategory(..), generalCategory, isSpace)
+import Data.Char.Unicode (isAscii, isDigit, isLetter)
 import Data.Foldable (for_)
 import Data.Map (Map)
 import Data.Map as M
 import Data.Maybe (Maybe(..))
-import Data.String.Util (camelCase, capitalize, isLetterOrLetterNumber, legalizeCharacters, startWithLetter, stringEscape)
+import Data.String.Util (camelCase, capitalize, legalizeCharacters, startWithLetter, stringEscape)
+import Doc (Doc, Renderer, blank, combineNames, forEachProperty_, forEachTopLevel_, getForSingleOrMultipleTopLevels, getTypeNameForUnion, indent, line, lookupClassName, lookupUnionName, noForbidNamer, renderRenderItems, simpleNamer, transformPropertyNames, unionIsNotSimpleNullable, unionNameIntercalated)
+import IRGraph (IRClassData(..), IRType(..), IRUnionRep, forUnion_, isUnionMember, nullableFromUnion, removeNullFromUnion, unionHasArray, unionHasClass, unionHasMap)
 
 forbiddenNames :: Array String
 forbiddenNames =
@@ -57,20 +57,11 @@ nameForClass (IRClassData { names }) = javaNameStyle true $ combineNames names
 
 isStartCharacter :: Char -> Boolean
 isStartCharacter c =
-    case generalCategory c of
-    Just CurrencySymbol -> true
-    Just ConnectorPunctuation -> true
-    _ -> isLetterOrLetterNumber c
+    (isAscii c && isLetter c) || c == '_'
 
 isPartCharacter :: Char -> Boolean
 isPartCharacter c =
-    case generalCategory c of
-    Just DecimalNumber -> true
-    Just SpacingCombiningMark -> true
-    Just NonSpacingMark -> true
-    Just Format -> true
-    Just Control -> not $ isSpace c
-    _ -> isStartCharacter c
+    isStartCharacter c || (isAscii c && isDigit c)
 
 legalize :: String -> String
 legalize = legalizeCharacters isPartCharacter

From 66c3f888b867c5fedf31fa685a4572caa9437b09 Mon Sep 17 00:00:00 2001
From: Mark Probst <mark.probst@gmail.com>
Date: Sat, 9 Sep 2017 10:08:21 -0700
Subject: [PATCH 7/7] Big List of Naughty Strings test

---
 test/inputs/json/priority/blns-object.json |  1 +
 test/test.ts                               | 15 ++++++++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)
 create mode 100644 test/inputs/json/priority/blns-object.json

diff --git a/test/inputs/json/priority/blns-object.json b/test/inputs/json/priority/blns-object.json
new file mode 100644
index 00000000..cff06b1f
--- /dev/null
+++ b/test/inputs/json/priority/blns-object.json
@@ -0,0 +1 @@
+{"": "", "\u00ad\u0600\u0601\u0602\u0603\u0604\u0605\u061c\u06dd\u070f\u180e\u200b\u200c\u200d\u200e\u200f\u202a\u202b\u202c\u202d\u202e\u2060\u2061\u2062\u2063\u2064\u2066\u2067\u2068\u2069\u206a\u206b\u206c\u206d\u206e\u206f\ufeff\ufff9\ufffa\ufffb\ud804\udcbd\ud82f\udca0\ud82f\udca1\ud82f\udca2\ud82f\udca3\ud834\udd73\ud834\udd74\ud834\udd75\ud834\udd76\ud834\udd77\ud834\udd78\ud834\udd79\ud834\udd7a\udb40\udc01\udb40\udc20\udb40\udc21\udb40\udc22\udb40\udc23\udb40\udc24\udb40\udc25\udb40\udc26\udb40\udc27\udb40\udc28\udb40\udc29\udb40\udc2a\udb40\udc2b\udb40\udc2c\udb40\udc2d\udb40\udc2e\udb40\udc2f\udb40\udc30\udb40\udc31\udb40\udc32\udb40\udc33\udb40\udc34\udb40\udc35\udb40\udc36\udb40\udc37\udb40\udc38\udb40\udc39\udb40\udc3a\udb40\udc3b\udb40\udc3c\udb40\udc3d\udb40\udc3e\udb40\udc3f\udb40\udc40\udb40\udc41\udb40\udc42\udb40\udc43\udb40\udc44\udb40\udc45\udb40\udc46\udb40\udc47\udb40\udc48\udb40\udc49\udb40\udc4a\udb40\udc4b\udb40\udc4c\udb40\udc4d\udb40\udc4e\udb40\udc4f\udb40\udc50\udb40\udc51\udb40\udc52\udb40\udc53\udb40\udc54\udb40\udc55\udb40\udc56\udb40\udc57\udb40\udc58\udb40\udc59\udb40\udc5a\udb40\udc5b\udb40\udc5c\udb40\udc5d\udb40\udc5e\udb40\udc5f\udb40\udc60\udb40\udc61\udb40\udc62\udb40\udc63\udb40\udc64\udb40\udc65\udb40\udc66\udb40\udc67\udb40\udc68\udb40\udc69\udb40\udc6a\udb40\udc6b\udb40\udc6c\udb40\udc6d\udb40\udc6e\udb40\udc6f\udb40\udc70\udb40\udc71\udb40\udc72\udb40\udc73\udb40\udc74\udb40\udc75\udb40\udc76\udb40\udc77\udb40\udc78\udb40\udc79\udb40\udc7a\udb40\udc7b\udb40\udc7c\udb40\udc7d\udb40\udc7e\udb40\udc7f": "\u00ad\u0600\u0601\u0602\u0603\u0604\u0605\u061c\u06dd\u070f\u180e\u200b\u200c\u200d\u200e\u200f\u202a\u202b\u202c\u202d\u202e\u2060\u2061\u2062\u2063\u2064\u2066\u2067\u2068\u2069\u206a\u206b\u206c\u206d\u206e\u206f\ufeff\ufff9\ufffa\ufffb\ud804\udcbd\ud82f\udca0\ud82f\udca1\ud82f\udca2\ud82f\udca3\ud834\udd73\ud834\udd74\ud834\udd75\ud834\udd76\ud834\udd77\ud834\udd78\ud834\udd79\ud834\udd7a\udb40\udc01\udb40\udc20\udb40\udc21\udb40\udc22\udb40\udc23\udb40\udc24\udb40\udc25\udb40\udc26\udb40\udc27\udb40\udc28\udb40\udc29\udb40\udc2a\udb40\udc2b\udb40\udc2c\udb40\udc2d\udb40\udc2e\udb40\udc2f\udb40\udc30\udb40\udc31\udb40\udc32\udb40\udc33\udb40\udc34\udb40\udc35\udb40\udc36\udb40\udc37\udb40\udc38\udb40\udc39\udb40\udc3a\udb40\udc3b\udb40\udc3c\udb40\udc3d\udb40\udc3e\udb40\udc3f\udb40\udc40\udb40\udc41\udb40\udc42\udb40\udc43\udb40\udc44\udb40\udc45\udb40\udc46\udb40\udc47\udb40\udc48\udb40\udc49\udb40\udc4a\udb40\udc4b\udb40\udc4c\udb40\udc4d\udb40\udc4e\udb40\udc4f\udb40\udc50\udb40\udc51\udb40\udc52\udb40\udc53\udb40\udc54\udb40\udc55\udb40\udc56\udb40\udc57\udb40\udc58\udb40\udc59\udb40\udc5a\udb40\udc5b\udb40\udc5c\udb40\udc5d\udb40\udc5e\udb40\udc5f\udb40\udc60\udb40\udc61\udb40\udc62\udb40\udc63\udb40\udc64\udb40\udc65\udb40\udc66\udb40\udc67\udb40\udc68\udb40\udc69\udb40\udc6a\udb40\udc6b\udb40\udc6c\udb40\udc6d\udb40\udc6e\udb40\udc6f\udb40\udc70\udb40\udc71\udb40\udc72\udb40\udc73\udb40\udc74\udb40\udc75\udb40\udc76\udb40\udc77\udb40\udc78\udb40\udc79\udb40\udc7a\udb40\udc7b\udb40\udc7c\udb40\udc7d\udb40\udc7e\udb40\udc7f", "<img src=x\\x10onerror=\"javascript:alert(1)\">": "<img src=x\\x10onerror=\"javascript:alert(1)\">", "\u24af\u24a3\u24a0 \u24ac\u24b0\u24a4\u249e\u24a6 \u249d\u24ad\u24aa\u24b2\u24a9 \u24a1\u24aa\u24b3 \u24a5\u24b0\u24a8\u24ab\u24ae \u24aa\u24b1\u24a0\u24ad \u24af\u24a3\u24a0 \u24a7\u249c\u24b5\u24b4 \u249f\u24aa\u24a2": "\u24af\u24a3\u24a0 \u24ac\u24b0\u24a4\u249e\u24a6 \u249d\u24ad\u24aa\u24b2\u24a9 \u24a1\u24aa\u24b3 \u24a5\u24b0\u24a8\u24ab\u24ae \u24aa\u24b1\u24a0\u24ad \u24af\u24a3\u24a0 \u24a7\u249c\u24b5\u24b4 \u249f\u24aa\u24a2", "classic": "classic", "<img\\x10src=x onerror=\"javascript:alert(1)\">": "<img\\x10src=x onerror=\"javascript:alert(1)\">", "`ls -al /`": "`ls -al /`", "1;DROP TABLE users": "1;DROP TABLE users", "undef": "undef", "\u202a\u202atest\u202a": "\u202a\u202atest\u202a", "\ud835\udc7b\ud835\udc89\ud835\udc86 \ud835\udc92\ud835\udc96\ud835\udc8a\ud835\udc84\ud835\udc8c \ud835\udc83\ud835\udc93\ud835\udc90\ud835\udc98\ud835\udc8f \ud835\udc87\ud835\udc90\ud835\udc99 \ud835\udc8b\ud835\udc96\ud835\udc8e\ud835\udc91\ud835\udc94 \ud835\udc90\ud835\udc97\ud835\udc86\ud835\udc93 \ud835\udc95\ud835\udc89\ud835\udc86 \ud835\udc8d\ud835\udc82\ud835\udc9b\ud835\udc9a \ud835\udc85\ud835\udc90\ud835\udc88": "\ud835\udc7b\ud835\udc89\ud835\udc86 \ud835\udc92\ud835\udc96\ud835\udc8a\ud835\udc84\ud835\udc8c \ud835\udc83\ud835\udc93\ud835\udc90\ud835\udc98\ud835\udc8f \ud835\udc87\ud835\udc90\ud835\udc99 \ud835\udc8b\ud835\udc96\ud835\udc8e\ud835\udc91\ud835\udc94 \ud835\udc90\ud835\udc97\ud835\udc86\ud835\udc93 \ud835\udc95\ud835\udc89\ud835\udc86 \ud835\udc8d\ud835\udc82\ud835\udc9b\ud835\udc9a \ud835\udc85\ud835\udc90\ud835\udc88", "1 000 000.00": "1 000 000.00", "Dick Van Dyke": "Dick Van Dyke", "#\tScript Injection": "#\tScript Injection", "0": "0", "# U+0000, U+000A, or U+000D (NUL, LF, CR).": "# U+0000, U+000A, or U+000D (NUL, LF, CR).", "0,00": "0,00", "# Non-whitespace C1 controls: U+0080 through U+0084 and U+0086 through U+009F.": "# Non-whitespace C1 controls: U+0080 through U+0084 and U+0086 through U+009F.", "# and U+200B (ZERO WIDTH SPACE), which are in the C categories but are often": "# and U+200B (ZERO WIDTH SPACE), which are in the C categories but are often", "\"><script>alert(123);</script x=\"": "\"><script>alert(123);</script x=\"", "ABC<div style=\"x:\\x0Bexpression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\x0Bexpression(javascript:alert(1)\">DEF", "0,0,0": "0,0,0", ";alert(123);": ";alert(123);", "<a href=\"javascript\\x3A:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"javascript\\x3A:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "<img\\x32src=x onerror=\"javascript:alert(1)\">": "<img\\x32src=x onerror=\"javascript:alert(1)\">", "<a href=\"\\x0Cjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x0Cjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "<script\\x3Etype=\"text/javascript\">javascript:alert(1);</script>": "<script\\x3Etype=\"text/javascript\">javascript:alert(1);</script>", "<img\\x13src=x onerror=\"javascript:alert(1)\">": "<img\\x13src=x onerror=\"javascript:alert(1)\">", "False": "False", "<a href=\"\\xE1\\x9A\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\xE1\\x9A\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "-,": "-,", "-.": "-.", "<a href=\"\\xE2\\x80\\xA8javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\xE2\\x80\\xA8javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "1#SNAN": "1#SNAN", "-0": "-0", "\"`'><script>\\xC2\\x85javascript:alert(1)</script>": "\"`'><script>\\xC2\\x85javascript:alert(1)</script>", "\"`'><script>\\xEF\\xBB\\xBFjavascript:alert(1)</script>": "\"`'><script>\\xEF\\xBB\\xBFjavascript:alert(1)</script>", "0,0/0,0": "0,0/0,0", "Kernel.exit(1)": "Kernel.exit(1)", "0x0": "0x0", "ABC<div style=\"x\\x3Aexpression(javascript:alert(1)\">DEF": "ABC<div style=\"x\\x3Aexpression(javascript:alert(1)\">DEF", "\u2066test\u2067": "\u2066test\u2067", "<a href=\"\\x10javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x10javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "ABC<div style=\"x:\\xE2\\x80\\x89expression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\xE2\\x80\\x89expression(javascript:alert(1)\">DEF", "<a href=\"\\x17javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x17javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "<a href=\"\\xC2\\xA0javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\xC2\\xA0javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "1.0/0.0": "1.0/0.0", "#\tSQL Injection": "#\tSQL Injection", "\\\";alert('XSS');//": "\\\";alert('XSS');//", "Z\u032e\u031e\u0320\u0359\u0354\u0345\u1e00\u0317\u031e\u0348\u033b\u0317\u1e36\u0359\u034e\u032f\u0339\u031e\u0353G\u033bO\u032d\u0317\u032e": "Z\u032e\u031e\u0320\u0359\u0354\u0345\u1e00\u0317\u031e\u0348\u033b\u0317\u1e36\u0359\u034e\u032f\u0339\u031e\u0353G\u033bO\u032d\u0317\u032e", "RomansInSussex.co.uk": "RomansInSussex.co.uk", "\" autofocus onkeyup=\"javascript:alert(123)": "\" autofocus onkeyup=\"javascript:alert(123)", "1#QNAN": "1#QNAN", "True": "True", "{0}": "{0}", "\"`'><script>\\xC2\\xA0javascript:alert(1)</script>": "\"`'><script>\\xC2\\xA0javascript:alert(1)</script>", "<a href=\"\\x13javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x13javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", " ": " ", "#\tStrings which contain Emoji; should be the same behavior as two-byte characters, but not always": "#\tStrings which contain Emoji; should be the same behavior as two-byte characters, but not always", "ABC<div style=\"x:\\xE2\\x80\\x8Bexpression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\xE2\\x80\\x8Bexpression(javascript:alert(1)\">DEF", "<<< %s(un='%s') = %u": "<<< %s(un='%s') = %u", "$ENV{'HOME'}": "$ENV{'HOME'}", "#       fonts, and have a number of special behaviors": "#       fonts, and have a number of special behaviors", "Penistone Community Church": "Penistone Community Church", "\u023a": "\u023a", "\u023e": "\u023e", "\ud83d\udebe \ud83c\udd92 \ud83c\udd93 \ud83c\udd95 \ud83c\udd96 \ud83c\udd97 \ud83c\udd99 \ud83c\udfe7": "\ud83d\udebe \ud83c\udd92 \ud83c\udd93 \ud83c\udd95 \ud83c\udd96 \ud83c\udd97 \ud83c\udd99 \ud83c\udfe7", "LPT2": "LPT2", "LPT3": "LPT3", "#\tHuman injection": "#\tHuman injection", "<a href=\"\\xE2\\x80\\x87javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\xE2\\x80\\x87javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "INF": "INF", "#\tTwo-Byte Characters": "#\tTwo-Byte Characters", "#\tStrings which can call system commands within Ruby/Rails applications": "#\tStrings which can call system commands within Ruby/Rails applications", "#\tKnown CVEs and Vulnerabilities": "#\tKnown CVEs and Vulnerabilities", "Arsenal canal": "Arsenal canal", "-Infinity": "-Infinity", "\u0153\u2211\u00b4\u00ae\u2020\u00a5\u00a8\u02c6\u00f8\u03c0\u201c\u2018": "\u0153\u2211\u00b4\u00ae\u2020\u00a5\u00a8\u02c6\u00f8\u03c0\u201c\u2018", "<img src=x\\x11onerror=\"javascript:alert(1)\">": "<img src=x\\x11onerror=\"javascript:alert(1)\">", "!@#$%^&*()`~": "!@#$%^&*()`~", "#\tCharacters which increase in length (2 to 3 bytes) when lowercased": "#\tCharacters which increase in length (2 to 3 bytes) when lowercased", "\"`'><script>\\xE2\\x81\\x9Fjavascript:alert(1)</script>": "\"`'><script>\\xE2\\x81\\x9Fjavascript:alert(1)</script>", "\ufffe": "\ufffe", ",./;'[]\\-=": ",./;'[]\\-=", "\u30d1\u30fc\u30c6\u30a3\u30fc\u3078\u884c\u304b\u306a\u3044\u304b": "\u30d1\u30fc\u30c6\u30a3\u30fc\u3078\u884c\u304b\u306a\u3044\u304b", "\u05d4\u05b8\u05d9\u05b0\u05ea\u05b8\u05d4test\u0627\u0644\u0635\u0641\u062d\u0627\u062a \u0627\u0644\u062a\u0651\u062d\u0648\u0644": "\u05d4\u05b8\u05d9\u05b0\u05ea\u05b8\u05d4test\u0627\u0644\u0635\u0641\u062d\u0627\u062a \u0627\u0644\u062a\u0651\u062d\u0648\u0644", "\u2080\u2081\u2082": "\u2080\u2081\u2082", "\u202btest\u202b": "\u202btest\u202b", "<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>": "<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>", "#\tStrings that test for known vulnerabilities": "#\tStrings that test for known vulnerabilities", "( \u0361\u00b0 \u035c\u0296 \u0361\u00b0)": "( \u0361\u00b0 \u035c\u0296 \u0361\u00b0)", "' OR '1'='1": "' OR '1'='1", "ABC<div style=\"x:\\xC2\\xA0expression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\xC2\\xA0expression(javascript:alert(1)\">DEF", "1/2": "1/2", "1/0": "1/0", "`\"'><img src=xxx:x \\x0Bonerror=javascript:alert(1)>": "`\"'><img src=xxx:x \\x0Bonerror=javascript:alert(1)>", "\uff9f\uff65\u273f\u30fe\u2572(\uff61\u25d5\u203f\u25d5\uff61)\u2571\u273f\uff65\uff9f": "\uff9f\uff65\u273f\u30fe\u2572(\uff61\u25d5\u203f\u25d5\uff61)\u2571\u273f\uff65\uff9f", "<img src\\x11=x onerror=\"javascript:alert(1)\">": "<img src\\x11=x onerror=\"javascript:alert(1)\">", "<img \\x00src=x onerror=\"alert(1)\">": "<img \\x00src=x onerror=\"alert(1)\">", "#\tUnicode font": "#\tUnicode font", "<img src=x onerror=\\x09\"javascript:alert(1)\">": "<img src=x onerror=\\x09\"javascript:alert(1)\">", "00\u02d9\u0196$-": "00\u02d9\u0196$-", "AUX": "AUX", "<foo val=`bar' />": "<foo val=`bar' />", "1E02": "1E02", "\ud83c\uddfa\ud83c\uddf8\ud83c\uddf7\ud83c\uddfa\ud83c\uddf8\ud83c\udde6": "\ud83c\uddfa\ud83c\uddf8\ud83c\uddf7\ud83c\uddfa\ud83c\uddf8\ud83c\udde6", "\ud83d\udc69\ud83c\udffd": "\ud83d\udc69\ud83c\udffd", "<a href=\"\\x11javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x11javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "$HOME": "$HOME", "<a href=\"\\xE2\\x80\\x83javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\xE2\\x80\\x83javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "#\tString which can reveal system files when parsed by a badly configured XML parser": "#\tString which can reveal system files when parsed by a badly configured XML parser", "ABC<div style=\"x:exp\\x5Cression(javascript:alert(1)\">DEF": "ABC<div style=\"x:exp\\x5Cression(javascript:alert(1)\">DEF", "ABC<div style=\"x:\\xE2\\x80\\x84expression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\xE2\\x80\\x84expression(javascript:alert(1)\">DEF", "\ud83c\uddfa\ud83c\uddf8\ud83c\uddf7\ud83c\uddfa\ud83c\uddf8 \ud83c\udde6\ud83c\uddeb\ud83c\udde6\ud83c\uddf2\ud83c\uddf8": "\ud83c\uddfa\ud83c\uddf8\ud83c\uddf7\ud83c\uddfa\ud83c\uddf8 \ud83c\udde6\ud83c\uddeb\ud83c\udde6\ud83c\uddf2\ud83c\uddf8", "\ud835\udd7f\ud835\udd8d\ud835\udd8a \ud835\udd96\ud835\udd9a\ud835\udd8e\ud835\udd88\ud835\udd90 \ud835\udd87\ud835\udd97\ud835\udd94\ud835\udd9c\ud835\udd93 \ud835\udd8b\ud835\udd94\ud835\udd9d \ud835\udd8f\ud835\udd9a\ud835\udd92\ud835\udd95\ud835\udd98 \ud835\udd94\ud835\udd9b\ud835\udd8a\ud835\udd97 \ud835\udd99\ud835\udd8d\ud835\udd8a \ud835\udd91\ud835\udd86\ud835\udd9f\ud835\udd9e \ud835\udd89\ud835\udd94\ud835\udd8c": "\ud835\udd7f\ud835\udd8d\ud835\udd8a \ud835\udd96\ud835\udd9a\ud835\udd8e\ud835\udd88\ud835\udd90 \ud835\udd87\ud835\udd97\ud835\udd94\ud835\udd9c\ud835\udd93 \ud835\udd8b\ud835\udd94\ud835\udd9d \ud835\udd8f\ud835\udd9a\ud835\udd92\ud835\udd95\ud835\udd98 \ud835\udd94\ud835\udd9b\ud835\udd8a\ud835\udd97 \ud835\udd99\ud835\udd8d\ud835\udd8a \ud835\udd91\ud835\udd86\ud835\udd9f\ud835\udd9e \ud835\udd89\ud835\udd94\ud835\udd8c", "<a href=\"\\xE2\\x80\\x84javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\xE2\\x80\\x84javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "0..0": "0..0", "<IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">": "<IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">", "\"`'><script>\\x0Cjavascript:alert(1)</script>": "\"`'><script>\\x0Cjavascript:alert(1)</script>", "<a href=\"\\x1Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x1Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "<a href=\"\\xE2\\x80\\x86javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\xE2\\x80\\x86javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "\"`'><script>\\xE2\\x80\\x89javascript:alert(1)</script>": "\"`'><script>\\xE2\\x80\\x89javascript:alert(1)</script>", "1": "1", "1E2": "1E2", "</script><script>alert(123)</script>": "</script><script>alert(123)</script>", "<sc<script>ript>alert(123)</sc</script>ript>": "<sc<script>ript>alert(123)</sc</script>ript>", "ABC<div style=\"x:\\x20expression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\x20expression(javascript:alert(1)\">DEF", "\u0e14\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47 \u0e14\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47 \u0e14\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47": "\u0e14\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47 \u0e14\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47 \u0e14\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47\u0e47\u0e49\u0e49\u0e49\u0e49\u0e49\u0e47\u0e47\u0e47\u0e47", "<img src=x\\x13onerror=\"javascript:alert(1)\">": "<img src=x\\x13onerror=\"javascript:alert(1)\">", "Super Bowl XXX": "Super Bowl XXX", "<img src=x\\x09onerror=\"javascript:alert(1)\">": "<img src=x\\x09onerror=\"javascript:alert(1)\">", "123456789012345678901234567890123456789": "123456789012345678901234567890123456789", "<u oncopy=alert()> Copy me</u>": "<u oncopy=alert()> Copy me</u>", "<script\\x09type=\"text/javascript\">javascript:alert(1);</script>": "<script\\x09type=\"text/javascript\">javascript:alert(1);</script>", "\ud83c\uddfa\ud83c\uddf8\ud83c\uddf7\ud83c\uddfa\ud83c\uddf8\ud83c\udde6\ud83c\uddeb\ud83c\udde6\ud83c\uddf2": "\ud83c\uddfa\ud83c\uddf8\ud83c\uddf7\ud83c\uddfa\ud83c\uddf8\ud83c\udde6\ud83c\uddeb\ud83c\udde6\ud83c\uddf2", "<a href=\"javascript\\x09:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"javascript\\x09:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "ABC<div style=\"x:\\x09expression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\x09expression(javascript:alert(1)\">DEF", "\u0080\u0081\u0082\u0083\u0084\u0086\u0087\u0088\u0089\u008a\u008b\u008c\u008d\u008e\u008f\u0090\u0091\u0092\u0093\u0094\u0095\u0096\u0097\u0098\u0099\u009a\u009b\u009c\u009d\u009e\u009f": "\u0080\u0081\u0082\u0083\u0084\u0086\u0087\u0088\u0089\u008a\u008b\u008c\u008d\u008e\u008f\u0090\u0091\u0092\u0093\u0094\u0095\u0096\u0097\u0098\u0099\u009a\u009b\u009c\u009d\u009e\u009f", "<a href=\"\\x08javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x08javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">": "<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">", "<a href=\"\\x09javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x09javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "<img src\\x09=x onerror=\"javascript:alert(1)\">": "<img src\\x09=x onerror=\"javascript:alert(1)\">", "Jimmy Clitheroe": "Jimmy Clitheroe", "-1E02": "-1E02", "#\tChanging length when lowercased": "#\tChanging length when lowercased", "<IMG SRC=\"jav   ascript:alert('XSS');\">": "<IMG SRC=\"jav   ascript:alert('XSS');\">", "\u00b8\u02db\u00c7\u25ca\u0131\u02dc\u00c2\u00af\u02d8\u00bf": "\u00b8\u02db\u00c7\u25ca\u0131\u02dc\u00c2\u00af\u02d8\u00bf", "\";alert(123);t=\"": "\";alert(123);t=\"", "<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>": "<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>", "\"`'><script>\\xE1\\xA0\\x8Ejavascript:alert(1)</script>": "\"`'><script>\\xE1\\xA0\\x8Ejavascript:alert(1)</script>", "\u0321\u0353\u031e\u0345I\u0317\u0318\u0326\u035dn\u0347\u0347\u0359v\u032e\u032bok\u0332\u032b\u0319\u0348i\u0316\u0359\u032d\u0339\u0320\u031en\u0321\u033b\u032e\u0323\u033ag\u0332\u0348\u0359\u032d\u0359\u032c\u034e \u0330t\u0354\u0326h\u031e\u0332e\u0322\u0324 \u034d\u032c\u0332\u0356f\u0334\u0318\u0355\u0323\u00e8\u0356\u1eb9\u0325\u0329l\u0356\u0354\u035ai\u0353\u035a\u0326\u0360n\u0356\u034d\u0317\u0353\u0333\u032eg\u034d \u0328o\u035a\u032a\u0361f\u0318\u0323\u032c \u0316\u0318\u0356\u031f\u0359\u032ec\u0489\u0354\u032b\u0356\u0353\u0347\u0356\u0345h\u0335\u0324\u0323\u035a\u0354\u00e1\u0317\u033c\u0355\u0345o\u033c\u0323\u0325s\u0331\u0348\u033a\u0316\u0326\u033b\u0362.\u031b\u0316\u031e\u0320\u032b\u0330": "\u0321\u0353\u031e\u0345I\u0317\u0318\u0326\u035dn\u0347\u0347\u0359v\u032e\u032bok\u0332\u032b\u0319\u0348i\u0316\u0359\u032d\u0339\u0320\u031en\u0321\u033b\u032e\u0323\u033ag\u0332\u0348\u0359\u032d\u0359\u032c\u034e \u0330t\u0354\u0326h\u031e\u0332e\u0322\u0324 \u034d\u032c\u0332\u0356f\u0334\u0318\u0355\u0323\u00e8\u0356\u1eb9\u0325\u0329l\u0356\u0354\u035ai\u0353\u035a\u0326\u0360n\u0356\u034d\u0317\u0353\u0333\u032eg\u034d \u0328o\u035a\u032a\u0361f\u0318\u0323\u032c \u0316\u0318\u0356\u031f\u0359\u032ec\u0489\u0354\u032b\u0356\u0353\u0347\u0356\u0345h\u0335\u0324\u0323\u035a\u0354\u00e1\u0317\u033c\u0355\u0345o\u033c\u0323\u0325s\u0331\u0348\u033a\u0316\u0326\u033b\u0362.\u031b\u0316\u031e\u0320\u032b\u0330", "#\tInnocuous strings which may be blocked by profanity filters (https://en.wikipedia.org/wiki/Scunthorpe_problem)": "#\tInnocuous strings which may be blocked by profanity filters (https://en.wikipedia.org/wiki/Scunthorpe_problem)", "#\tMSDOS/Windows Special Filenames": "#\tMSDOS/Windows Special Filenames", "<>?:\"{}|_+": "<>?:\"{}|_+", "TRUE": "TRUE", "\ufeff": "\ufeff", "1'000,00": "1'000,00", "PRN": "PRN", ",": ",", "\u00a1\u2122\u00a3\u00a2\u221e\u00a7\u00b6\u2022\u00aa\u00ba\u2013\u2260": "\u00a1\u2122\u00a3\u00a2\u221e\u00a7\u00b6\u2022\u00aa\u00ba\u2013\u2260", "\u548c\u88fd\u6f22\u8a9e": "\u548c\u88fd\u6f22\u8a9e", "#\tStrings which contain bold/italic/etc. versions of normal characters": "#\tStrings which contain bold/italic/etc. versions of normal characters", "Dr. Herman I. Libshitz": "Dr. Herman I. Libshitz", "\u0152\u201e\u00b4\u2030\u02c7\u00c1\u00a8\u02c6\u00d8\u220f\u201d\u2019": "\u0152\u201e\u00b4\u2030\u02c7\u00c1\u00a8\u02c6\u00d8\u220f\u201d\u2019", "#\tStrings which consists of Japanese-style emoticons which are popular on the web": "#\tStrings which consists of Japanese-style emoticons which are popular on the web", "%x('ls -al /')": "%x('ls -al /')", "%d": "%d", "#\tStrings which contain unicode subscripts/superscripts; can cause rendering issues": "#\tStrings which contain unicode subscripts/superscripts; can cause rendering issues", "\"`'><script>\\xE2\\x80\\x81javascript:alert(1)</script>": "\"`'><script>\\xE2\\x80\\x81javascript:alert(1)</script>", "<!--[if]><script>javascript:alert(1)</script -->": "<!--[if]><script>javascript:alert(1)</script -->", "1'000'000.00": "1'000'000.00", "false": "false", "\\": "\\", "%s": "%s", "1.00": "1.00", "<!--[if<img src=x onerror=javascript:alert(1)//]> -->": "<!--[if<img src=x onerror=javascript:alert(1)//]> -->", "nil": "nil", "`\u2044\u20ac\u2039\u203a\ufb01\ufb02\u2021\u00b0\u00b7\u201a\u2014\u00b1": "`\u2044\u20ac\u2039\u203a\ufb01\ufb02\u2021\u00b0\u00b7\u201a\u2014\u00b1", "\uff40\uff68(\u00b4\u2200\uff40\u2229": "\uff40\uff68(\u00b4\u2200\uff40\u2229", "`\"'><img src=xxx:x \\x2Fonerror=javascript:alert(1)>": "`\"'><img src=xxx:x \\x2Fonerror=javascript:alert(1)>", "<a href=\"\\x01javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x01javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "(\u256f\u00b0\u25a1\u00b0\uff09\u256f\ufe35 \u253b\u2501\u253b)": "(\u256f\u00b0\u25a1\u00b0\uff09\u256f\ufe35 \u253b\u2501\u253b)", "\"`'><script>\\x00javascript:alert(1)</script>": "\"`'><script>\\x00javascript:alert(1)</script>", "ABC<div style=\"x:\\xE2\\x80\\x80expression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\xE2\\x80\\x80expression(javascript:alert(1)\">DEF", "\u7530\u4e2d\u3055\u3093\u306b\u3042\u3052\u3066\u4e0b\u3055\u3044": "\u7530\u4e2d\u3055\u3093\u306b\u3042\u3052\u3066\u4e0b\u3055\u3044", "<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >": "<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >", "<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a>": "<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a>", " onfocus=JaVaSCript:alert(123) autofocus": " onfocus=JaVaSCript:alert(123) autofocus", "\ud835\udce3\ud835\udcf1\ud835\udcee \ud835\udcfa\ud835\udcfe\ud835\udcf2\ud835\udcec\ud835\udcf4 \ud835\udceb\ud835\udcfb\ud835\udcf8\ud835\udd00\ud835\udcf7 \ud835\udcef\ud835\udcf8\ud835\udd01 \ud835\udcf3\ud835\udcfe\ud835\udcf6\ud835\udcf9\ud835\udcfc \ud835\udcf8\ud835\udcff\ud835\udcee\ud835\udcfb \ud835\udcfd\ud835\udcf1\ud835\udcee \ud835\udcf5\ud835\udcea\ud835\udd03\ud835\udd02 \ud835\udced\ud835\udcf8\ud835\udcf0": "\ud835\udce3\ud835\udcf1\ud835\udcee \ud835\udcfa\ud835\udcfe\ud835\udcf2\ud835\udcec\ud835\udcf4 \ud835\udceb\ud835\udcfb\ud835\udcf8\ud835\udd00\ud835\udcf7 \ud835\udcef\ud835\udcf8\ud835\udd01 \ud835\udcf3\ud835\udcfe\ud835\udcf6\ud835\udcf9\ud835\udcfc \ud835\udcf8\ud835\udcff\ud835\udcee\ud835\udcfb \ud835\udcfd\ud835\udcf1\ud835\udcee \ud835\udcf5\ud835\udcea\ud835\udd03\ud835\udd02 \ud835\udced\ud835\udcf8\ud835\udcf0", "<img src=x onerror=\\x00\"javascript:alert(1)\">": "<img src=x onerror=\\x00\"javascript:alert(1)\">", "\u062b\u0645 \u0646\u0641\u0633 \u0633\u0642\u0637\u062a \u0648\u0628\u0627\u0644\u062a\u062d\u062f\u064a\u062f\u060c, \u062c\u0632\u064a\u0631\u062a\u064a \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0623\u0646 \u062f\u0646\u0648. \u0625\u0630 \u0647\u0646\u0627\u061f \u0627\u0644\u0633\u062a\u0627\u0631 \u0648\u062a\u0646\u0635\u064a\u0628 \u0643\u0627\u0646. \u0623\u0647\u0651\u0644 \u0627\u064a\u0637\u0627\u0644\u064a\u0627\u060c \u0628\u0631\u064a\u0637\u0627\u0646\u064a\u0627-\u0641\u0631\u0646\u0633\u0627 \u0642\u062f \u0623\u062e\u0630. \u0633\u0644\u064a\u0645\u0627\u0646\u060c \u0625\u062a\u0641\u0627\u0642\u064a\u0629 \u0628\u064a\u0646 \u0645\u0627, \u064a\u0630\u0643\u0631 \u0627\u0644\u062d\u062f\u0648\u062f \u0623\u064a \u0628\u0639\u062f, \u0645\u0639\u0627\u0645\u0644\u0629 \u0628\u0648\u0644\u0646\u062f\u0627\u060c \u0627\u0644\u0625\u0637\u0644\u0627\u0642 \u0639\u0644 \u0625\u064a\u0648.": "\u062b\u0645 \u0646\u0641\u0633 \u0633\u0642\u0637\u062a \u0648\u0628\u0627\u0644\u062a\u062d\u062f\u064a\u062f\u060c, \u062c\u0632\u064a\u0631\u062a\u064a \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0623\u0646 \u062f\u0646\u0648. \u0625\u0630 \u0647\u0646\u0627\u061f \u0627\u0644\u0633\u062a\u0627\u0631 \u0648\u062a\u0646\u0635\u064a\u0628 \u0643\u0627\u0646. \u0623\u0647\u0651\u0644 \u0627\u064a\u0637\u0627\u0644\u064a\u0627\u060c \u0628\u0631\u064a\u0637\u0627\u0646\u064a\u0627-\u0641\u0631\u0646\u0633\u0627 \u0642\u062f \u0623\u062e\u0630. \u0633\u0644\u064a\u0645\u0627\u0646\u060c \u0625\u062a\u0641\u0627\u0642\u064a\u0629 \u0628\u064a\u0646 \u0645\u0627, \u064a\u0630\u0643\u0631 \u0627\u0644\u062d\u062f\u0648\u062f \u0623\u064a \u0628\u0639\u062f, \u0645\u0639\u0627\u0645\u0644\u0629 \u0628\u0648\u0644\u0646\u062f\u0627\u060c \u0627\u0644\u0625\u0637\u0644\u0627\u0642 \u0639\u0644 \u0625\u064a\u0648.", "\"`'><script>\\xE1\\x9A\\x80javascript:alert(1)</script>": "\"`'><script>\\xE1\\x9A\\x80javascript:alert(1)</script>", "\"`'><script>\\xE2\\x80\\x86javascript:alert(1)</script>": "\"`'><script>\\xE2\\x80\\x86javascript:alert(1)</script>", "'\"'": "'\"'", "0.0/0.0": "0.0/0.0", "#\tCommand Injection (Ruby)": "#\tCommand Injection (Ruby)", "<a href=\"\\x05javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x05javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "'": "'", "#\tStrings which crashed iMessage in various versions of iOS": "#\tStrings which crashed iMessage in various versions of iOS", "\"`'><script>\\x0Djavascript:alert(1)</script>": "\"`'><script>\\x0Djavascript:alert(1)</script>", "</textarea><script>alert(123)</script>": "</textarea><script>alert(123)</script>", "<a href=\"\\xE1\\xA0\\x8Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\xE1\\xA0\\x8Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "\u0660\u0661\u0662\u0663\u0664\u0665\u0666\u0667\u0668\u0669": "\u0660\u0661\u0662\u0663\u0664\u0665\u0666\u0667\u0668\u0669", "<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>": "<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>", "-1": "-1", "#\tStrings which contain common unicode symbols (e.g. smart quotes)": "#\tStrings which contain common unicode symbols (e.g. smart quotes)", "None": "None", "../../../../../../../../../../../etc/passwd%00": "../../../../../../../../../../../etc/passwd%00", "#\tUnwanted Interpolation": "#\tUnwanted Interpolation", "#\tStrings which can be accidentally expanded into different strings if evaluated in the wrong context, e.g. used as a printf format string or via Perl or shell eval. Might expose sensitive data from the program doing the interpolation, or might just represent the wrong string.": "#\tStrings which can be accidentally expanded into different strings if evaluated in the wrong context, e.g. used as a printf format string or via Perl or shell eval. Might expose sensitive data from the program doing the interpolation, or might just represent the wrong string.", "(null)": "(null)", "`\"'><img src=xxx:x \\x00onerror=javascript:alert(1)>": "`\"'><img src=xxx:x \\x00onerror=javascript:alert(1)>", "#\tStrings which contain misplaced quotation marks; can cause encoding errors": "#\tStrings which contain misplaced quotation marks; can cause encoding errors", "\"`'><script>\\xF0\\x90\\x96\\x9Ajavascript:alert(1)</script>": "\"`'><script>\\xF0\\x90\\x96\\x9Ajavascript:alert(1)</script>", "#\tStrings which may cause human to reinterpret worldview": "#\tStrings which may cause human to reinterpret worldview", "<img \\x39src=x onerror=\"javascript:alert(1)\">": "<img \\x39src=x onerror=\"javascript:alert(1)\">", "perl -e 'print \"<IMG SRC=java\\0script:alert(\\\"XSS\\\")>\";' > out": "perl -e 'print \"<IMG SRC=java\\0script:alert(\\\"XSS\\\")>\";' > out", "<script\\x20type=\"text/javascript\">javascript:alert(1);</script>": "<script\\x20type=\"text/javascript\">javascript:alert(1);</script>", "Lightwater Country Park": "Lightwater Country Park", "# The next two lines may appear to be blank or mojibake in some viewers.": "# The next two lines may appear to be blank or mojibake in some viewers.", "+0": "+0", "';alert(123);t='": "';alert(123);t='", "#\tUnicode Numbers": "#\tUnicode Numbers", "<a href=\"javascript\\x0A:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"javascript\\x0A:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "<img src=x\\x12onerror=\"javascript:alert(1)\">": "<img src=x\\x12onerror=\"javascript:alert(1)\">", "../../../../../../../../../../../etc/hosts": "../../../../../../../../../../../etc/hosts", "999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999": "999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999", "The quic\b\b\b\b\b\bk brown fo\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007x... [Beeeep]": "The quic\b\b\b\b\b\bk brown fo\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007x... [Beeeep]", "ABC<div style=\"x:exp\\x00ression(javascript:alert(1)\">DEF": "ABC<div style=\"x:exp\\x00ression(javascript:alert(1)\">DEF", "\ufdfd": "\ufdfd", "' OR 1=1 -- 1": "' OR 1=1 -- 1", "\ufdfa": "\ufdfa", "<img src\\x00=x onerror=\"javascript:alert(1)\">": "<img src\\x00=x onerror=\"javascript:alert(1)\">", "1 000 000,00": "1 000 000,00", "#\tUnicode Symbols": "#\tUnicode Symbols", "<a href=\"\\x0Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x0Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "\"": "\"", "<script>alert(123)</script>": "<script>alert(123)</script>", "0.00": "0.00", "NUL": "NUL", "\"`'><script>\\xE2\\x80\\x85javascript:alert(1)</script>": "\"`'><script>\\xE2\\x80\\x85javascript:alert(1)</script>", "#\tStrings which contain text that should be rendered RTL if possible (e.g. Arabic, Hebrew)": "#\tStrings which contain text that should be rendered RTL if possible (e.g. Arabic, Hebrew)", "<img src=x onerror=\\x11\"javascript:alert(1)\">": "<img src=x onerror=\\x11\"javascript:alert(1)\">", "\"`'><script>\\xE2\\x80\\xAFjavascript:alert(1)</script>": "\"`'><script>\\xE2\\x80\\xAFjavascript:alert(1)</script>", "$(touch /tmp/blns.fail)": "$(touch /tmp/blns.fail)", "<a href=\"\\xE2\\x80\\xA9javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\xE2\\x80\\xA9javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "# The next line may appear to be blank, mojibake, or dingbats in some viewers.": "# The next line may appear to be blank, mojibake, or dingbats in some viewers.", "`touch /tmp/blns.fail`": "`touch /tmp/blns.fail`", "<<SCRIPT>alert(\"XSS\");//<</SCRIPT>": "<<SCRIPT>alert(\"XSS\");//<</SCRIPT>", "\"`'><script>\\xE2\\x80\\x87javascript:alert(1)</script>": "\"`'><script>\\xE2\\x80\\x87javascript:alert(1)</script>", "#       Regional Indicator Symbols": "#       Regional Indicator Symbols", "\ud83d\ude0d": "\ud83d\ude0d", "<a href=\"\\x0Djavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x0Djavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "<iframe src=http://ha.ckers.org/scriptlet.html <": "<iframe src=http://ha.ckers.org/scriptlet.html <", "ABC<div style=\"x:\\xE2\\x80\\x85expression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\xE2\\x80\\x85expression(javascript:alert(1)\">DEF", "FALSE": "FALSE", "#\tScunthorpe Problem": "#\tScunthorpe Problem", "2.2250738585072011e-308": "2.2250738585072011e-308", "`\"'><img src=xxx:x \\x0Conerror=javascript:alert(1)>": "`\"'><img src=xxx:x \\x0Conerror=javascript:alert(1)>", "'`\"><\\x3Cscript>javascript:alert(1)</script>": "'`\"><\\x3Cscript>javascript:alert(1)</script>", "<IMG SRC=# onmouseover=\"alert('xxs')\">": "<IMG SRC=# onmouseover=\"alert('xxs')\">", "--help": "--help", "<a href=\"\\xE2\\x80\\xAFjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\xE2\\x80\\xAFjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "#   Strings that may occur on IRC clients that make security products freak out": "#   Strings that may occur on IRC clients that make security products freak out", "1,0/0,0": "1,0/0,0", "\"`'><script>\\x21javascript:alert(1)</script>": "\"`'><script>\\x21javascript:alert(1)</script>", "<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>": "<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>", "\"`'><script>\\xE2\\x80\\xA9javascript:alert(1)</script>": "\"`'><script>\\xE2\\x80\\xA9javascript:alert(1)</script>", "Linda Callahan": "Linda Callahan", "0xffffffffffffffff": "0xffffffffffffffff", "null": "null", "# general category Cf (in Unicode 8.0.0).": "# general category Cf (in Unicode 8.0.0).", "<img \\x47src=x onerror=\"javascript:alert(1)\">": "<img \\x47src=x onerror=\"javascript:alert(1)\">", "#   IRC specific strings": "#   IRC specific strings", "--><script>alert(123)</script>": "--><script>alert(123)</script>", "#\tiOS Vulnerabilities": "#\tiOS Vulnerabilities", "#\tStrings which contain unicode numbers; if the code is localized, it should see the input as numeric": "#\tStrings which contain unicode numbers; if the code is localized, it should see the input as numeric", "><script>alert(123);</script x=": "><script>alert(123);</script x=", "http://a/%%30%30": "http://a/%%30%30", "ABC<div style=\"x:\\xE2\\x80\\x83expression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\xE2\\x80\\x83expression(javascript:alert(1)\">DEF", "1#INF": "1#INF", "1#IND": "1#IND", "ABC<div style=\"x:expression\\x5C(javascript:alert(1)\">DEF": "ABC<div style=\"x:expression\\x5C(javascript:alert(1)\">DEF", "<a href=\"\\x0Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x0Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "<script\\x0Dtype=\"text/javascript\">javascript:alert(1);</script>": "<script\\x0Dtype=\"text/javascript\">javascript:alert(1);</script>", "$1.00": "$1.00", "# The next line may appear to be blank or mojibake in some viewers.": "# The next line may appear to be blank or mojibake in some viewers.", "# This file unfortunately cannot express strings containing": "# This file unfortunately cannot express strings containing", "<a href=http://foo.bar/#x=`y></a><img alt=\"`><img src=x:x onerror=javascript:alert(1)></a>\">": "<a href=http://foo.bar/#x=`y></a><img alt=\"`><img src=x:x onerror=javascript:alert(1)></a>\">", "# \"Byte order marks\", U+FEFF and U+FFFE, each on its own line.": "# \"Byte order marks\", U+FEFF and U+FFFE, each on its own line.", "`\"'><img src=xxx:x \\x0Donerror=javascript:alert(1)>": "`\"'><img src=xxx:x \\x0Donerror=javascript:alert(1)>", "<a href=\"\\x19javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x19javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "<IMG SRC=\" &#14;  javascript:alert('XSS');\">": "<IMG SRC=\" &#14;  javascript:alert('XSS');\">", "\" onfocus=JaVaSCript:alert(123) autofocus": "\" onfocus=JaVaSCript:alert(123) autofocus", "<a href=\"javascript\\x00:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"javascript\\x00:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "<script src=\"\\\\%(jscript)s\"></script>": "<script src=\"\\\\%(jscript)s\"></script>", "#       Regional Indicator Symbols can be displayed differently across": "#       Regional Indicator Symbols can be displayed differently across", "# contexts.  Divided into three groups based on (US-layout) keyboard position.": "# contexts.  Divided into three groups based on (US-layout) keyboard position.", "Kernel.exec(\"ls -al /\")": "Kernel.exec(\"ls -al /\")", "\u0001\u0002\u0003\u0004\u0005\u0006\u0007\b\u000e\u000f\u0010\u0011\u0012\u0013\u0014\u0015\u0016\u0017\u0018\u0019\u001a\u001b\u001c\u001d\u001e\u001f\u007f": "\u0001\u0002\u0003\u0004\u0005\u0006\u0007\b\u000e\u000f\u0010\u0011\u0012\u0013\u0014\u0015\u0016\u0017\u0018\u0019\u001a\u001b\u001c\u001d\u001e\u001f\u007f", "ABC<div style=\"x:\\xE2\\x80\\x8Aexpression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\xE2\\x80\\x8Aexpression(javascript:alert(1)\">DEF", "<a href=\"javascript\\x0D:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"javascript\\x0D:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "\ud835\udd4b\ud835\udd59\ud835\udd56 \ud835\udd62\ud835\udd66\ud835\udd5a\ud835\udd54\ud835\udd5c \ud835\udd53\ud835\udd63\ud835\udd60\ud835\udd68\ud835\udd5f \ud835\udd57\ud835\udd60\ud835\udd69 \ud835\udd5b\ud835\udd66\ud835\udd5e\ud835\udd61\ud835\udd64 \ud835\udd60\ud835\udd67\ud835\udd56\ud835\udd63 \ud835\udd65\ud835\udd59\ud835\udd56 \ud835\udd5d\ud835\udd52\ud835\udd6b\ud835\udd6a \ud835\udd55\ud835\udd60\ud835\udd58": "\ud835\udd4b\ud835\udd59\ud835\udd56 \ud835\udd62\ud835\udd66\ud835\udd5a\ud835\udd54\ud835\udd5c \ud835\udd53\ud835\udd63\ud835\udd60\ud835\udd68\ud835\udd5f \ud835\udd57\ud835\udd60\ud835\udd69 \ud835\udd5b\ud835\udd66\ud835\udd5e\ud835\udd61\ud835\udd64 \ud835\udd60\ud835\udd67\ud835\udd56\ud835\udd63 \ud835\udd65\ud835\udd59\ud835\udd56 \ud835\udd5d\ud835\udd52\ud835\udd6b\ud835\udd6a \ud835\udd55\ud835\udd60\ud835\udd58", "But now...\u001b[20Cfor my greatest trick...\u001b[8m": "But now...\u001b[20Cfor my greatest trick...\u001b[8m", "\u03a9\u2248\u00e7\u221a\u222b\u02dc\u00b5\u2264\u2265\u00f7": "\u03a9\u2248\u00e7\u221a\u222b\u02dc\u00b5\u2264\u2265\u00f7", "File:///": "File:///", "<a href=\"\\xE2\\x80\\x81javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\xE2\\x80\\x81javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "#\tStrings which attempt to invoke a benign script injection; shows vulnerability to XSS": "#\tStrings which attempt to invoke a benign script injection; shows vulnerability to XSS", "\"`'><script>\\xE2\\x80\\x8Ajavascript:alert(1)</script>": "\"`'><script>\\xE2\\x80\\x8Ajavascript:alert(1)</script>", "<IMG SRC= onmouseover=\"alert('xxs')\">": "<IMG SRC= onmouseover=\"alert('xxs')\">", "<a href=\"\\xE2\\x80\\x82javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\xE2\\x80\\x82javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "<a href=\"\\x1Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x1Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "\"><script>alert(123)</script>": "\"><script>alert(123)</script>", "#\tTerminal escape codes": "#\tTerminal escape codes", "'`\"><\\x00script>javascript:alert(1)</script>": "'`\"><\\x00script>javascript:alert(1)</script>", "(\uff61\u25d5 \u2200 \u25d5\uff61)": "(\uff61\u25d5 \u2200 \u25d5\uff61)", "\"`'><script>\\xE2\\x80\\xA8javascript:alert(1)</script>": "\"`'><script>\\xE2\\x80\\xA8javascript:alert(1)</script>", "#\tStrings which contain two-byte characters: can cause rendering issues or character-length issues": "#\tStrings which contain two-byte characters: can cause rendering issues or character-length issues", "basement": "basement", "\u00e5\u00df\u2202\u0192\u00a9\u02d9\u2206\u02da\u00ac\u2026\u00e6": "\u00e5\u00df\u2202\u0192\u00a9\u02d9\u2206\u02da\u00ac\u2026\u00e6", "#\tFile Inclusion": "#\tFile Inclusion", "<a href=\"\\x1Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x1Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "\u30fd\u0f3c\u0e88\u0644\u035c\u0e88\u0f3d\uff89 \u30fd\u0f3c\u0e88\u0644\u035c\u0e88\u0f3d\uff89": "\u30fd\u0f3c\u0e88\u0644\u035c\u0e88\u0f3d\uff89 \u30fd\u0f3c\u0e88\u0644\u035c\u0e88\u0f3d\uff89", "eval(\"puts 'hello world'\")": "eval(\"puts 'hello world'\")", "-2147483648/-1": "-2147483648/-1", "NIL": "NIL", "<img \\x11src=x onerror=\"javascript:alert(1)\">": "<img \\x11src=x onerror=\"javascript:alert(1)\">", "<a href=\"\\x04javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x04javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "<SCRIPT SRC=//ha.ckers.org/.j>": "<SCRIPT SRC=//ha.ckers.org/.j>", "\u0326H\u032c\u0324\u0317\u0324\u035de\u035c \u031c\u0325\u031d\u033b\u034d\u031f\u0301w\u0315h\u0316\u032f\u0353o\u031d\u0359\u0316\u034e\u0331\u032e \u0489\u033a\u0319\u031e\u031f\u0348W\u0337\u033c\u032da\u033a\u032a\u034d\u012f\u0348\u0355\u032d\u0359\u032f\u031ct\u0336\u033c\u032es\u0318\u0359\u0356\u0315 \u0320\u032b\u0320B\u033b\u034d\u0359\u0349\u0333\u0345e\u0335h\u0335\u032c\u0347\u032b\u0359i\u0339\u0353\u0333\u0333\u032e\u034e\u032b\u0315n\u035fd\u0334\u032a\u031c\u0316 \u0330\u0349\u0329\u0347\u0359\u0332\u035e\u0345T\u0356\u033c\u0353\u032a\u0362h\u034f\u0353\u032e\u033be\u032c\u031d\u031f\u0345 \u0324\u0339\u031dW\u0359\u031e\u031d\u0354\u0347\u035d\u0345a\u034f\u0353\u0354\u0339\u033c\u0323l\u0334\u0354\u0330\u0324\u031f\u0354\u1e3d\u032b.\u0355": "\u0326H\u032c\u0324\u0317\u0324\u035de\u035c \u031c\u0325\u031d\u033b\u034d\u031f\u0301w\u0315h\u0316\u032f\u0353o\u031d\u0359\u0316\u034e\u0331\u032e \u0489\u033a\u0319\u031e\u031f\u0348W\u0337\u033c\u032da\u033a\u032a\u034d\u012f\u0348\u0355\u032d\u0359\u032f\u031ct\u0336\u033c\u032es\u0318\u0359\u0356\u0315 \u0320\u032b\u0320B\u033b\u034d\u0359\u0349\u0333\u0345e\u0335h\u0335\u032c\u0347\u032b\u0359i\u0339\u0353\u0333\u0333\u032e\u034e\u032b\u0315n\u035fd\u0334\u032a\u031c\u0316 \u0330\u0349\u0329\u0347\u0359\u0332\u035e\u0345T\u0356\u033c\u0353\u032a\u0362h\u034f\u0353\u032e\u033be\u032c\u031d\u031f\u0345 \u0324\u0339\u031dW\u0359\u031e\u031d\u0354\u0347\u035d\u0345a\u034f\u0353\u0354\u0339\u033c\u0323l\u0334\u0354\u0330\u0324\u031f\u0354\u1e3d\u032b.\u0355", "\t\u000b\f \u0085\u00a0\u1680\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200a\u200b\u2028\u2029\u202f\u205f\u3000": "\t\u000b\f \u0085\u00a0\u1680\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200a\u200b\u2028\u2029\u202f\u205f\u3000", "<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>": "<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>", "\"`'><script>\\x09javascript:alert(1)</script>": "\"`'><script>\\x09javascript:alert(1)</script>", "' autofocus onkeyup='javascript:alert(123)": "' autofocus onkeyup='javascript:alert(123)", "\u2764\ufe0f \ud83d\udc94 \ud83d\udc8c \ud83d\udc95 \ud83d\udc9e \ud83d\udc93 \ud83d\udc97 \ud83d\udc96 \ud83d\udc98 \ud83d\udc9d \ud83d\udc9f \ud83d\udc9c \ud83d\udc9b \ud83d\udc9a \ud83d\udc99": "\u2764\ufe0f \ud83d\udc94 \ud83d\udc8c \ud83d\udc95 \ud83d\udc9e \ud83d\udc93 \ud83d\udc97 \ud83d\udc96 \ud83d\udc98 \ud83d\udc9d \ud83d\udc9f \ud83d\udc9c \ud83d\udc9b \ud83d\udc9a \ud83d\udc99", "<IMG SRC=\"jav&#x09;ascript:alert('XSS');\">": "<IMG SRC=\"jav&#x09;ascript:alert('XSS');\">", "1 000.00": "1 000.00", "Tyson Gay": "Tyson Gay", "<a href=\"\\x1Djavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x1Djavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "1'; DROP TABLE users-- 1": "1'; DROP TABLE users-- 1", "<img \\x00src=x onerror=\"javascript:alert(1)\">": "<img \\x00src=x onerror=\"javascript:alert(1)\">", "\"`'><script>\\xE3\\x80\\x80javascript:alert(1)</script>": "\"`'><script>\\xE3\\x80\\x80javascript:alert(1)</script>", "<a href=\"\\x02javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x02javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "\"`'><script>\\x3Bjavascript:alert(1)</script>": "\"`'><script>\\x3Bjavascript:alert(1)</script>", "#": "#", "ABC<div style=\"x:\\x0Aexpression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\x0Aexpression(javascript:alert(1)\">DEF", "# Often forbidden to appear in various text-based file formats (e.g. XML),": "# Often forbidden to appear in various text-based file formats (e.g. XML),", "<a href=\"\\x16javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x16javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "08": "08", "09": "09", "01000": "01000", "# The next line may be flagged for \"trailing whitespace\" in some viewers.": "# The next line may be flagged for \"trailing whitespace\" in some viewers.", "<script\\x0Atype=\"text/javascript\">javascript:alert(1);</script>": "<script\\x0Atype=\"text/javascript\">javascript:alert(1);</script>", "#\tStrings which are reserved characters in MSDOS/Windows": "#\tStrings which are reserved characters in MSDOS/Windows", "#\tCredit: https://twitter.com/jifa/status/625776454479970304": "#\tCredit: https://twitter.com/jifa/status/625776454479970304", "ABC<div style=\"x:\\x0Dexpression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\x0Dexpression(javascript:alert(1)\">DEF", "#\tStrings which may be used elsewhere in code": "#\tStrings which may be used elsewhere in code", "# appear in input.": "# appear in input.", "#\tNumeric Strings": "#\tNumeric Strings", "\u793e\u6703\u79d1\u5b78\u9662\u8a9e\u5b78\u7814\u7a76\u6240": "\u793e\u6703\u79d1\u5b78\u9662\u8a9e\u5b78\u7814\u7a76\u6240", "`\"'><img src=xxx:x \\x0Aonerror=javascript:alert(1)>": "`\"'><img src=xxx:x \\x0Aonerror=javascript:alert(1)>", "\uc0ac\ud68c\uacfc\ud559\uc6d0 \uc5b4\ud559\uc5f0\uad6c\uc18c": "\uc0ac\ud68c\uacfc\ud559\uc6d0 \uc5b4\ud559\uc5f0\uad6c\uc18c", "<a href=\"\\x0Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x0Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "ABC<div style=\"x:\\xE2\\x80\\x87expression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\xE2\\x80\\x87expression(javascript:alert(1)\">DEF", "ABC<div style=\"x:\\xE2\\x80\\x82expression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\xE2\\x80\\x82expression(javascript:alert(1)\">DEF", "#\tJapanese Emoticons": "#\tJapanese Emoticons", "<img \\x12src=x onerror=\"javascript:alert(1)\">": "<img \\x12src=x onerror=\"javascript:alert(1)\">", "\uff11\uff12\uff13": "\uff11\uff12\uff13", "# Commonly misinterpreted as additional graphic characters.": "# Commonly misinterpreted as additional graphic characters.", "#\tQuotation Marks": "#\tQuotation Marks", "__\uff9b(,_,*)": "__\uff9b(,_,*)", "If you're reading this, you've been in a coma for almost 20 years now. We're trying a new technique. We don't know where this message will end up in your dream, but we hope it works. Please wake up, we miss you.": "If you're reading this, you've been in a coma for almost 20 years now. We're trying a new technique. We don't know where this message will end up in your dream, but we hope it works. Please wake up, we miss you.", "expression": "expression", "\u2070\u2074\u2075\u2080\u2081\u2082": "\u2070\u2074\u2075\u2080\u2081\u2082", "\u02d9\u0250nb\u1d09l\u0250 \u0250u\u0183\u0250\u026f \u01dd\u0279olop \u0287\u01dd \u01dd\u0279oq\u0250l \u0287n \u0287unp\u1d09p\u1d09\u0254u\u1d09 \u0279od\u026f\u01dd\u0287 po\u026fsn\u1d09\u01dd op p\u01dds '\u0287\u1d09l\u01dd \u0183u\u1d09\u0254s\u1d09d\u1d09p\u0250 \u0279n\u0287\u01dd\u0287\u0254\u01ddsuo\u0254 '\u0287\u01dd\u026f\u0250 \u0287\u1d09s \u0279olop \u026fnsd\u1d09 \u026f\u01dd\u0279o\u02e5": "\u02d9\u0250nb\u1d09l\u0250 \u0250u\u0183\u0250\u026f \u01dd\u0279olop \u0287\u01dd \u01dd\u0279oq\u0250l \u0287n \u0287unp\u1d09p\u1d09\u0254u\u1d09 \u0279od\u026f\u01dd\u0287 po\u026fsn\u1d09\u01dd op p\u01dds '\u0287\u1d09l\u01dd \u0183u\u1d09\u0254s\u1d09d\u1d09p\u0250 \u0279n\u0287\u01dd\u0287\u0254\u01ddsuo\u0254 '\u0287\u01dd\u026f\u0250 \u0287\u1d09s \u0279olop \u026fnsd\u1d09 \u026f\u01dd\u0279o\u02e5", "<img src=x onerror=\\x12\"javascript:alert(1)\">": "<img src=x onerror=\\x12\"javascript:alert(1)\">", "#\tReserved Strings": "#\tReserved Strings", "1'000.00": "1'000.00", "\u1e70\u033a\u033a\u0315o\u035e \u0337i\u0332\u032c\u0347\u032a\u0359n\u031d\u0317\u0355v\u031f\u031c\u0318\u0326\u035fo\u0336\u0319\u0330\u0320k\u00e8\u035a\u032e\u033a\u032a\u0339\u0331\u0324 \u0316t\u031d\u0355\u0333\u0323\u033b\u032a\u035eh\u033c\u0353\u0332\u0326\u0333\u0318\u0332e\u0347\u0323\u0330\u0326\u032c\u034e \u0322\u033c\u033b\u0331\u0318h\u035a\u034e\u0359\u031c\u0323\u0332\u0345i\u0326\u0332\u0323\u0330\u0324v\u033b\u034de\u033a\u032d\u0333\u032a\u0330-m\u0322i\u0345n\u0316\u033a\u031e\u0332\u032f\u0330d\u0335\u033c\u031f\u0359\u0329\u033c\u0318\u0333 \u031e\u0325\u0331\u0333\u032dr\u031b\u0317\u0318e\u0359p\u0360r\u033c\u031e\u033b\u032d\u0317e\u033a\u0320\u0323\u035fs\u0318\u0347\u0333\u034d\u031d\u0349e\u0349\u0325\u032f\u031e\u0332\u035a\u032c\u035c\u01f9\u032c\u034e\u034e\u031f\u0316\u0347\u0324t\u034d\u032c\u0324\u0353\u033c\u032d\u0358\u0345i\u032a\u0331n\u0360g\u0334\u0349 \u034f\u0349\u0345c\u032c\u031fh\u0361a\u032b\u033b\u032f\u0358o\u032b\u031f\u0316\u034d\u0319\u031d\u0349s\u0317\u0326\u0332.\u0328\u0339\u0348\u0323": "\u1e70\u033a\u033a\u0315o\u035e \u0337i\u0332\u032c\u0347\u032a\u0359n\u031d\u0317\u0355v\u031f\u031c\u0318\u0326\u035fo\u0336\u0319\u0330\u0320k\u00e8\u035a\u032e\u033a\u032a\u0339\u0331\u0324 \u0316t\u031d\u0355\u0333\u0323\u033b\u032a\u035eh\u033c\u0353\u0332\u0326\u0333\u0318\u0332e\u0347\u0323\u0330\u0326\u032c\u034e \u0322\u033c\u033b\u0331\u0318h\u035a\u034e\u0359\u031c\u0323\u0332\u0345i\u0326\u0332\u0323\u0330\u0324v\u033b\u034de\u033a\u032d\u0333\u032a\u0330-m\u0322i\u0345n\u0316\u033a\u031e\u0332\u032f\u0330d\u0335\u033c\u031f\u0359\u0329\u033c\u0318\u0333 \u031e\u0325\u0331\u0333\u032dr\u031b\u0317\u0318e\u0359p\u0360r\u033c\u031e\u033b\u032d\u0317e\u033a\u0320\u0323\u035fs\u0318\u0347\u0333\u034d\u031d\u0349e\u0349\u0325\u032f\u031e\u0332\u035a\u032c\u035c\u01f9\u032c\u034e\u034e\u031f\u0316\u0347\u0324t\u034d\u032c\u0324\u0353\u033c\u032d\u0358\u0345i\u032a\u0331n\u0360g\u0334\u0349 \u034f\u0349\u0345c\u032c\u031fh\u0361a\u032b\u033b\u032f\u0358o\u032b\u031f\u0316\u034d\u0319\u031d\u0349s\u0317\u0326\u0332.\u0328\u0339\u0348\u0323", "\ucc26\ucc28\ub97c \ud0c0\uace0 \uc628 \ud3b2\uc2dc\ub9e8\uacfc \uc45b\ub2e4\ub9ac \ub620\ubc29\uac01\ud558": "\ucc26\ucc28\ub97c \ud0c0\uace0 \uc628 \ud3b2\uc2dc\ub9e8\uacfc \uc45b\ub2e4\ub9ac \ub620\ubc29\uac01\ud558", "/dev/null; touch /tmp/blns.fail ; echo": "/dev/null; touch /tmp/blns.fail ; echo", "CON": "CON", "<foo val=\u201dbar\u201c />": "<foo val=\u201dbar\u201c />", "() { _; } >_[$($())] { touch /tmp/blns.shellshock2.fail; }": "() { _; } >_[$($())] { touch /tmp/blns.shellshock2.fail; }", "\u90e8\u843d\u683c": "\u90e8\u843d\u683c", "+++ATH0": "+++ATH0", "COM1": "COM1", "COM3": "COM3", "#\tStrings which contain unicode with an \"upsidedown\" effect (via http://www.upsidedowntext.com)": "#\tStrings which contain unicode with an \"upsidedown\" effect (via http://www.upsidedowntext.com)", "\ud841\udf0e\ud841\udf31\ud841\udf79\ud843\udc53\ud843\udc78\ud843\udc96\ud843\udccf": "\ud841\udf0e\ud841\udf31\ud841\udf79\ud843\udc53\ud843\udc78\ud843\udc96\ud843\udccf", "COM4": "COM4", ".": ".", "<a href=\"\\xE2\\x80\\x89javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\xE2\\x80\\x89javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "<IMG onmouseover=\"alert('xxs')\">": "<IMG onmouseover=\"alert('xxs')\">", "<img src=x onerror=\\x10\"javascript:alert(1)\">": "<img src=x onerror=\\x10\"javascript:alert(1)\">", "DCC SEND STARTKEYLOGGER 0 0 0": "DCC SEND STARTKEYLOGGER 0 0 0", "-9223372036854775808/-1": "-9223372036854775808/-1", "\u270b\ud83c\udfff \ud83d\udcaa\ud83c\udfff \ud83d\udc50\ud83c\udfff \ud83d\ude4c\ud83c\udfff \ud83d\udc4f\ud83c\udfff \ud83d\ude4f\ud83c\udfff": "\u270b\ud83c\udfff \ud83d\udcaa\ud83c\udfff \ud83d\udc50\ud83c\udfff \ud83d\ude4c\ud83c\udfff \ud83d\udc4f\ud83c\udfff \ud83d\ude4f\ud83c\udfff", "<a href=\"\\xE2\\x80\\x88javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\xE2\\x80\\x88javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "() { 0; }; touch /tmp/blns.shellshock1.fail;": "() { 0; }; touch /tmp/blns.shellshock1.fail;", "1'000'000,00": "1'000'000,00", "ABC<div style=\"x:\\x00expression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\x00expression(javascript:alert(1)\">DEF", "Power\u0644\u064f\u0644\u064f\u0635\u0651\u0628\u064f\u0644\u064f\u0644\u0635\u0651\u0628\u064f\u0631\u0631\u064b \u0963 \u0963h \u0963 \u0963\u5197": "Power\u0644\u064f\u0644\u064f\u0635\u0651\u0628\u064f\u0644\u064f\u0644\u0635\u0651\u0628\u064f\u0631\u0631\u064b \u0963 \u0963h \u0963 \u0963\u5197", "hasOwnProperty": "hasOwnProperty", "#\tTrick Unicode": "#\tTrick Unicode", "`\"'><img src=xxx:x \\x22onerror=javascript:alert(1)>": "`\"'><img src=xxx:x \\x22onerror=javascript:alert(1)>", "<a href=\"\\xE2\\x80\\x85javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\xE2\\x80\\x85javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "#\tStrings which contain \"corrupted\" text. The corruption will not appear in non-HTML text, however. (via http://www.eeemo.net)": "#\tStrings which contain \"corrupted\" text. The corruption will not appear in non-HTML text, however. (via http://www.eeemo.net)", "''": "''", "ABC<div style=\"x:\\xE2\\x80\\x81expression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\xE2\\x80\\x81expression(javascript:alert(1)\">DEF", "&lt;script&gt;alert(&#39;123&#39;);&lt;/script&gt;": "&lt;script&gt;alert(&#39;123&#39;);&lt;/script&gt;", "\uff1cscript\uff1ealert(123)\uff1c/script\uff1e": "\uff1cscript\uff1ealert(123)\uff1c/script\uff1e", "`\"'><img src=xxx:x \\x27onerror=javascript:alert(1)>": "`\"'><img src=xxx:x \\x27onerror=javascript:alert(1)>", "\u00c5\u00cd\u00ce\u00cf\u02dd\u00d3\u00d4\uf8ff\u00d2\u00da\u00c6\u2603": "\u00c5\u00cd\u00ce\u00cf\u02dd\u00d3\u00d4\uf8ff\u00d2\u00da\u00c6\u2603", "Scunthorpe General Hospital": "Scunthorpe General Hospital", "'><script>alert(123);</script x='": "'><script>alert(123);</script x='", "COM2": "COM2", "1.000.000,00": "1.000.000,00", "0,,0": "0,,0", "<plaintext>": "<plaintext>", "-1E+02": "-1E+02", "LPT1": "LPT1", "-1/2": "-1/2", "ABC<div style=\"x:\\xE2\\x80\\x86expression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\xE2\\x80\\x86expression(javascript:alert(1)\">DEF", "<BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert(\"XSS\")>": "<BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert(\"XSS\")>", "\ud83c\udff30\ud83c\udf08\ufe0f": "\ud83c\udff30\ud83c\udf08\ufe0f", "CLOCK$": "CLOCK$", "0.0.0": "0.0.0", "System(\"ls -al /\")": "System(\"ls -al /\")", "NaN": "NaN", "<img src=x onerror=alert(123) />": "<img src=x onerror=alert(123) />", "<a href=\"\\x1Cjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x1Cjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "\"`'><script>\\x0Ajavascript:alert(1)</script>": "\"`'><script>\\x0Ajavascript:alert(1)</script>", "evaluate": "evaluate", "#\tZalgo Text": "#\tZalgo Text", "--": "--", "magna cum laude": "magna cum laude", "<svg><script>123<1>alert(123)</script>": "<svg><script>123<1>alert(123)</script>", "\"\"": "\"\"", "#\tServer Code Injection": "#\tServer Code Injection", "--version": "--version", "# version 8.0.0), plus U+0009 (HT), U+000B (VT), U+000C (FF), U+0085 (NEL),": "# version 8.0.0), plus U+0009 (HT), U+000B (VT), U+000C (FF), U+0085 (NEL),", "<img src\\x32=x onerror=\"javascript:alert(1)\">": "<img src\\x32=x onerror=\"javascript:alert(1)\">", "#\tEmoji": "#\tEmoji", "(\uff89\u0ca5\u76ca\u0ca5\uff09\uff89\ufeff \u253b\u2501\u253b": "(\uff89\u0ca5\u76ca\u0ca5\uff09\uff89\ufeff \u253b\u2501\u253b", "< / script >< script >alert(123)< / script >": "< / script >< script >alert(123)< / script >", "undefined": "undefined", "# ASCII punctuation.  All of these characters may need to be escaped in some": "# ASCII punctuation.  All of these characters may need to be escaped in some", "#\tStrings which punish the fools who use cat/type on this file": "#\tStrings which punish the fools who use cat/type on this file", "<img src\\x47=x onerror=\"javascript:alert(1)\">": "<img src\\x47=x onerror=\"javascript:alert(1)\">", "<i onwheel=alert(1)> Scroll over me </i>": "<i onwheel=alert(1)> Scroll over me </i>", "\"'\"'\"''''\"": "\"'\"'\"''''\"", "<foo val=\u201cbar\u201d />": "<foo val=\u201cbar\u201d />", "-": "-", "#\tUnicode Subscript/Superscript/Accents": "#\tUnicode Subscript/Superscript/Accents", "1.000,00": "1.000,00", "<img src\\x10=x onerror=\"javascript:alert(1)\">": "<img src\\x10=x onerror=\"javascript:alert(1)\">", "medieval erection of parapets": "medieval erection of parapets", "\"`'><script>\\xE2\\x80\\x80javascript:alert(1)</script>": "\"`'><script>\\xE2\\x80\\x80javascript:alert(1)</script>", "'><script>alert(123)</script>": "'><script>alert(123)</script>", "<img\\x11src=x onerror=\"javascript:alert(1)\">": "<img\\x11src=x onerror=\"javascript:alert(1)\">", "<a href=\"\\x14javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x14javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "\u2029test\u2029": "\u2029test\u2029", "\u05d1\u05b0\u05bc\u05e8\u05b5\u05d0\u05e9\u05b4\u05c1\u05d9\u05ea, \u05d1\u05b8\u05bc\u05e8\u05b8\u05d0 \u05d0\u05b1\u05dc\u05b9\u05d4\u05b4\u05d9\u05dd, \u05d0\u05b5\u05ea \u05d4\u05b7\u05e9\u05b8\u05bc\u05c1\u05de\u05b7\u05d9\u05b4\u05dd, \u05d5\u05b0\u05d0\u05b5\u05ea \u05d4\u05b8\u05d0\u05b8\u05e8\u05b6\u05e5": "\u05d1\u05b0\u05bc\u05e8\u05b5\u05d0\u05e9\u05b4\u05c1\u05d9\u05ea, \u05d1\u05b8\u05bc\u05e8\u05b8\u05d0 \u05d0\u05b1\u05dc\u05b9\u05d4\u05b4\u05d9\u05dd, \u05d0\u05b5\u05ea \u05d4\u05b7\u05e9\u05b8\u05bc\u05c1\u05de\u05b7\u05d9\u05b4\u05dd, \u05d5\u05b0\u05d0\u05b5\u05ea \u05d4\u05b8\u05d0\u05b8\u05e8\u05b6\u05e5", "<a href=\"\\x06javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x06javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "#      XXE Injection (XML)": "#      XXE Injection (XML)", "<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>": "<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>", "#\tRight-To-Left Strings": "#\tRight-To-Left Strings", "ABC<div style=\"x:\\x0Cexpression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\x0Cexpression(javascript:alert(1)\">DEF", "1,000,000.00": "1,000,000.00", "\\\\": "\\\\", "Roses are \u001b[0;31mred\u001b[0m, violets are \u001b[0;34mblue. Hope you enjoy terminal hue": "Roses are \u001b[0;31mred\u001b[0m, violets are \u001b[0;34mblue. Hope you enjoy terminal hue", "1,000.00": "1,000.00", "<a href=\"\\x20javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x20javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "@{[system \"touch /tmp/blns.fail\"]}": "@{[system \"touch /tmp/blns.fail\"]}", "\u0401\u0402\u0403\u0404\u0405\u0406\u0407\u0408\u0409\u040a\u040b\u040c\u040d\u040e\u040f\u0410\u0411\u0412\u0413\u0414\u0415\u0416\u0417\u0418\u0419\u041a\u041b\u041c\u041d\u041e\u041f\u0420\u0421\u0422\u0423\u0424\u0425\u0426\u0427\u0428\u0429\u042a\u042b\u042c\u042d\u042e\u042f\u0430\u0431\u0432\u0433\u0434\u0435\u0436\u0437\u0438\u0439\u043a\u043b\u043c\u043d\u043e\u043f\u0440\u0441\u0442\u0443\u0444\u0445\u0446\u0447\u0448\u0449\u044a\u044b\u044c\u044d\u044e\u044f": "\u0401\u0402\u0403\u0404\u0405\u0406\u0407\u0408\u0409\u040a\u040b\u040c\u040d\u040e\u040f\u0410\u0411\u0412\u0413\u0414\u0415\u0416\u0417\u0418\u0419\u041a\u041b\u041c\u041d\u041e\u041f\u0420\u0421\u0422\u0423\u0424\u0425\u0426\u0427\u0428\u0429\u042a\u042b\u042c\u042d\u042e\u042f\u0430\u0431\u0432\u0433\u0434\u0435\u0436\u0437\u0438\u0439\u043a\u043b\u043c\u043d\u043e\u043f\u0440\u0441\u0442\u0443\u0444\u0445\u0446\u0447\u0448\u0449\u044a\u044b\u044c\u044d\u044e\u044f", "#\tStrings which can cause user to run code on server as a privileged user (c.f. https://news.ycombinator.com/item?id=7665153)": "#\tStrings which can cause user to run code on server as a privileged user (c.f. https://news.ycombinator.com/item?id=7665153)", "Horniman Museum": "Horniman Museum", "Craig Cockburn, Software Specialist": "Craig Cockburn, Software Specialist", "\u252c\u2500\u252c\u30ce( \u00ba _ \u00ba\u30ce)": "\u252c\u2500\u252c\u30ce( \u00ba _ \u00ba\u30ce)", "<a href=\"\\x18javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x18javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "#\tStrings which contain unicode with unusual properties (e.g. Right-to-left override) (c.f. http://www.unicode.org/charts/PDF/U2000.pdf)": "#\tStrings which contain unicode with unusual properties (e.g. Right-to-left override) (c.f. http://www.unicode.org/charts/PDF/U2000.pdf)", "\ud835\udc13\ud835\udc21\ud835\udc1e \ud835\udc2a\ud835\udc2e\ud835\udc22\ud835\udc1c\ud835\udc24 \ud835\udc1b\ud835\udc2b\ud835\udc28\ud835\udc30\ud835\udc27 \ud835\udc1f\ud835\udc28\ud835\udc31 \ud835\udc23\ud835\udc2e\ud835\udc26\ud835\udc29\ud835\udc2c \ud835\udc28\ud835\udc2f\ud835\udc1e\ud835\udc2b \ud835\udc2d\ud835\udc21\ud835\udc1e \ud835\udc25\ud835\udc1a\ud835\udc33\ud835\udc32 \ud835\udc1d\ud835\udc28\ud835\udc20": "\ud835\udc13\ud835\udc21\ud835\udc1e \ud835\udc2a\ud835\udc2e\ud835\udc22\ud835\udc1c\ud835\udc24 \ud835\udc1b\ud835\udc2b\ud835\udc28\ud835\udc30\ud835\udc27 \ud835\udc1f\ud835\udc28\ud835\udc31 \ud835\udc23\ud835\udc2e\ud835\udc26\ud835\udc29\ud835\udc2c \ud835\udc28\ud835\udc2f\ud835\udc1e\ud835\udc2b \ud835\udc2d\ud835\udc21\ud835\udc1e \ud835\udc25\ud835\udc1a\ud835\udc33\ud835\udc32 \ud835\udc1d\ud835\udc28\ud835\udc20", "\"`'><script>\\xE2\\x80\\x8Bjavascript:alert(1)</script>": "\"`'><script>\\xE2\\x80\\x8Bjavascript:alert(1)</script>", "<a href=\"\\x1Bjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x1Bjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "<a href=\"\\x15javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x15javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "JavaSCript:alert(123)": "JavaSCript:alert(123)", "<img src onerror /\" '\"= alt=javascript:alert(1)//\">": "<img src onerror /\" '\"= alt=javascript:alert(1)//\">", "ABC<div style=\"x:\\xEF\\xBB\\xBFexpression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\xEF\\xBB\\xBFexpression(javascript:alert(1)\">DEF", "<script\\x2Ftype=\"text/javascript\">javascript:alert(1);</script>": "<script\\x2Ftype=\"text/javascript\">javascript:alert(1);</script>", "\"`'><script>\\xE2\\x80\\x83javascript:alert(1)</script>": "\"`'><script>\\xE2\\x80\\x83javascript:alert(1)</script>", "src=JaVaSCript:prompt(132)": "src=JaVaSCript:prompt(132)", "<img src=x onerror=\\x32\"javascript:alert(1)\">": "<img src=x onerror=\\x32\"javascript:alert(1)\">", "<a href=\"\\xE2\\x80\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\xE2\\x80\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">": "<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">", "<a href=\"\\x12javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x12javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?><!DOCTYPE foo [ <!ELEMENT foo ANY ><!ENTITY xxe SYSTEM \"file:///etc/passwd\" >]><foo>&xxe;</foo>": "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?><!DOCTYPE foo [ <!ELEMENT foo ANY ><!ENTITY xxe SYSTEM \"file:///etc/passwd\" >]><foo>&xxe;</foo>", "+0.0": "+0.0", "\"`'><script>\\xEF\\xBF\\xAEjavascript:alert(1)</script>": "\"`'><script>\\xEF\\xBF\\xAEjavascript:alert(1)</script>", "\u0317\u033a\u0356\u0339\u032f\u0353\u1e6e\u0324\u034d\u0325\u0347\u0348h\u0332\u0301e\u034f\u0353\u033c\u0317\u0319\u033c\u0323\u0354 \u0347\u031c\u0331\u0320\u0353\u034d\u0345N\u0355\u0360e\u0317\u0331z\u0318\u031d\u031c\u033a\u0359p\u0324\u033a\u0339\u034d\u032f\u035ae\u0320\u033b\u0320\u035cr\u0328\u0324\u034d\u033a\u0316\u0354\u0316\u0316d\u0320\u031f\u032d\u032c\u031d\u035fi\u0326\u0356\u0329\u0353\u0354\u0324a\u0320\u0317\u032c\u0349\u0319n\u035a\u035c \u033b\u031e\u0330\u035a\u0345h\u0335\u0349i\u0333\u031ev\u0322\u0347\u1e19\u034e\u035f-\u0489\u032d\u0329\u033c\u0354m\u0324\u032d\u032bi\u0355\u0347\u031d\u0326n\u0317\u0359\u1e0d\u031f \u032f\u0332\u0355\u035e\u01eb\u031f\u032f\u0330\u0332\u0359\u033b\u031df \u032a\u0330\u0330\u0317\u0316\u032d\u0318\u0358c\u0326\u034d\u0332\u031e\u034d\u0329\u0319\u1e25\u035aa\u032e\u034e\u031f\u0319\u035c\u01a1\u0329\u0339\u034es\u0324.\u031d\u031d \u0489Z\u0321\u0316\u031c\u0356\u0330\u0323\u0349\u031ca\u0356\u0330\u0359\u032c\u0361l\u0332\u032b\u0333\u034d\u0329g\u0321\u031f\u033c\u0331\u035a\u031e\u032c\u0345o\u0317\u035c.\u031f": "\u0317\u033a\u0356\u0339\u032f\u0353\u1e6e\u0324\u034d\u0325\u0347\u0348h\u0332\u0301e\u034f\u0353\u033c\u0317\u0319\u033c\u0323\u0354 \u0347\u031c\u0331\u0320\u0353\u034d\u0345N\u0355\u0360e\u0317\u0331z\u0318\u031d\u031c\u033a\u0359p\u0324\u033a\u0339\u034d\u032f\u035ae\u0320\u033b\u0320\u035cr\u0328\u0324\u034d\u033a\u0316\u0354\u0316\u0316d\u0320\u031f\u032d\u032c\u031d\u035fi\u0326\u0356\u0329\u0353\u0354\u0324a\u0320\u0317\u032c\u0349\u0319n\u035a\u035c \u033b\u031e\u0330\u035a\u0345h\u0335\u0349i\u0333\u031ev\u0322\u0347\u1e19\u034e\u035f-\u0489\u032d\u0329\u033c\u0354m\u0324\u032d\u032bi\u0355\u0347\u031d\u0326n\u0317\u0359\u1e0d\u031f \u032f\u0332\u0355\u035e\u01eb\u031f\u032f\u0330\u0332\u0359\u033b\u031df \u032a\u0330\u0330\u0317\u0316\u032d\u0318\u0358c\u0326\u034d\u0332\u031e\u034d\u0329\u0319\u1e25\u035aa\u032e\u034e\u031f\u0319\u035c\u01a1\u0329\u0339\u034es\u0324.\u031d\u031d \u0489Z\u0321\u0316\u031c\u0356\u0330\u0323\u0349\u031ca\u0356\u0330\u0359\u032c\u0361l\u0332\u032b\u0333\u034d\u0329g\u0321\u031f\u033c\u0331\u035a\u031e\u032c\u0345o\u0317\u035c.\u031f", "-1.00": "-1.00", "<script\\x0Ctype=\"text/javascript\">javascript:alert(1);</script>": "<script\\x0Ctype=\"text/javascript\">javascript:alert(1);</script>", "\u215b\u215c\u215d\u215e": "\u215b\u215c\u215d\u215e", "\"`'><script>\\x20javascript:alert(1)</script>": "\"`'><script>\\x20javascript:alert(1)</script>", "0/0": "0/0", "\"`'><script>\\x7Ejavascript:alert(1)</script>": "\"`'><script>\\x7Ejavascript:alert(1)</script>", "_": "_", "<script src=\"/\\%(jscript)s\"></script>": "<script src=\"/\\%(jscript)s\"></script>", "<a href=\"\\x0Bjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x0Bjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "ABC<div style=\"x:expression\\x00(javascript:alert(1)\">DEF": "ABC<div style=\"x:expression\\x00(javascript:alert(1)\">DEF", "#\tSpecial Characters": "#\tSpecial Characters", "\u0645\u064f\u0646\u064e\u0627\u0642\u064e\u0634\u064e\u0629\u064f \u0633\u064f\u0628\u064f\u0644\u0650 \u0627\u0650\u0633\u0652\u062a\u0650\u062e\u0652\u062f\u064e\u0627\u0645\u0650 \u0627\u0644\u0644\u0651\u064f\u063a\u064e\u0629\u0650 \u0641\u0650\u064a \u0627\u0644\u0646\u0651\u064f\u0638\u064f\u0645\u0650 \u0627\u0644\u0652\u0642\u064e\u0627\u0626\u0650\u0645\u064e\u0629\u0650 \u0648\u064e\u0641\u0650\u064a\u0645 \u064a\u064e\u062e\u064f\u0635\u0651\u064e \u0627\u0644\u062a\u0651\u064e\u0637\u0652\u0628\u0650\u064a\u0642\u064e\u0627\u062a\u064f \u0627\u0644\u0652\u062d\u0627\u0633\u064f\u0648\u0628\u0650\u064a\u0651\u064e\u0629\u064f\u060c ": "\u0645\u064f\u0646\u064e\u0627\u0642\u064e\u0634\u064e\u0629\u064f \u0633\u064f\u0628\u064f\u0644\u0650 \u0627\u0650\u0633\u0652\u062a\u0650\u062e\u0652\u062f\u064e\u0627\u0645\u0650 \u0627\u0644\u0644\u0651\u064f\u063a\u064e\u0629\u0650 \u0641\u0650\u064a \u0627\u0644\u0646\u0651\u064f\u0638\u064f\u0645\u0650 \u0627\u0644\u0652\u0642\u064e\u0627\u0626\u0650\u0645\u064e\u0629\u0650 \u0648\u064e\u0641\u0650\u064a\u0645 \u064a\u064e\u062e\u064f\u0635\u0651\u064e \u0627\u0644\u062a\u0651\u064e\u0637\u0652\u0628\u0650\u064a\u0642\u064e\u0627\u062a\u064f \u0627\u0644\u0652\u062d\u0627\u0633\u064f\u0648\u0628\u0650\u064a\u0651\u064e\u0629\u064f\u060c ", "\ud835\ude83\ud835\ude91\ud835\ude8e \ud835\ude9a\ud835\ude9e\ud835\ude92\ud835\ude8c\ud835\ude94 \ud835\ude8b\ud835\ude9b\ud835\ude98\ud835\udea0\ud835\ude97 \ud835\ude8f\ud835\ude98\ud835\udea1 \ud835\ude93\ud835\ude9e\ud835\ude96\ud835\ude99\ud835\ude9c \ud835\ude98\ud835\ude9f\ud835\ude8e\ud835\ude9b \ud835\ude9d\ud835\ude91\ud835\ude8e \ud835\ude95\ud835\ude8a\ud835\udea3\ud835\udea2 \ud835\ude8d\ud835\ude98\ud835\ude90": "\ud835\ude83\ud835\ude91\ud835\ude8e \ud835\ude9a\ud835\ude9e\ud835\ude92\ud835\ude8c\ud835\ude94 \ud835\ude8b\ud835\ude9b\ud835\ude98\ud835\udea0\ud835\ude97 \ud835\ude8f\ud835\ude98\ud835\udea1 \ud835\ude93\ud835\ude9e\ud835\ude96\ud835\ude99\ud835\ude9c \ud835\ude98\ud835\ude9f\ud835\ude8e\ud835\ude9b \ud835\ude9d\ud835\ude91\ud835\ude8e \ud835\ude95\ud835\ude8a\ud835\udea3\ud835\udea2 \ud835\ude8d\ud835\ude98\ud835\ude90", "\"`'><script>-javascript:alert(1)</script>": "\"`'><script>-javascript:alert(1)</script>", "<img src\\x12=x onerror=\"javascript:alert(1)\">": "<img src\\x12=x onerror=\"javascript:alert(1)\">", "mocha": "mocha", "><script>alert(123)</script>": "><script>alert(123)</script>", "1E+02": "1E+02", "\ud83d\udc35 \ud83d\ude48 \ud83d\ude49 \ud83d\ude4a": "\ud83d\udc35 \ud83d\ude48 \ud83d\ude49 \ud83d\ude4a", "0\ufe0f\u20e3 1\ufe0f\u20e3 2\ufe0f\u20e3 3\ufe0f\u20e3 4\ufe0f\u20e3 5\ufe0f\u20e3 6\ufe0f\u20e3 7\ufe0f\u20e3 8\ufe0f\u20e3 9\ufe0f\u20e3 \ud83d\udd1f": "0\ufe0f\u20e3 1\ufe0f\u20e3 2\ufe0f\u20e3 3\ufe0f\u20e3 4\ufe0f\u20e3 5\ufe0f\u20e3 6\ufe0f\u20e3 7\ufe0f\u20e3 8\ufe0f\u20e3 9\ufe0f\u20e3 \ud83d\udd1f", "\uff34\uff48\uff45 \uff51\uff55\uff49\uff43\uff4b \uff42\uff52\uff4f\uff57\uff4e \uff46\uff4f\uff58 \uff4a\uff55\uff4d\uff50\uff53 \uff4f\uff56\uff45\uff52 \uff54\uff48\uff45 \uff4c\uff41\uff5a\uff59 \uff44\uff4f\uff47": "\uff34\uff48\uff45 \uff51\uff55\uff49\uff43\uff4b \uff42\uff52\uff4f\uff57\uff4e \uff46\uff4f\uff58 \uff4a\uff55\uff4d\uff50\uff53 \uff4f\uff56\uff45\uff52 \uff54\uff48\uff45 \uff4c\uff41\uff5a\uff59 \uff44\uff4f\uff47", "Infinity": "Infinity", "# Non-whitespace C0 controls: U+0001 through U+0008, U+000E through U+001F,": "# Non-whitespace C0 controls: U+0001 through U+0008, U+000E through U+001F,", "<a href=\"\\x00javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x00javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "\"`'><script>\\xEF\\xBF\\xBEjavascript:alert(1)</script>": "\"`'><script>\\xEF\\xBF\\xBEjavascript:alert(1)</script>", "\u2070\u2074\u2075": "\u2070\u2074\u2075", "#\tStrings which can cause a SQL injection if inputs are not sanitized": "#\tStrings which can cause a SQL injection if inputs are not sanitized", "<IMG SRC=\"javascript:alert('XSS')\"": "<IMG SRC=\"javascript:alert('XSS')\"", "# and U+007F (DEL)": "# and U+007F (DEL)", "ZZ:": "ZZ:", "#\tStrings which can be interpreted as numeric": "#\tStrings which can be interpreted as numeric", "\ud83d\udc7e \ud83d\ude47 \ud83d\udc81 \ud83d\ude45 \ud83d\ude46 \ud83d\ude4b \ud83d\ude4e \ud83d\ude4d": "\ud83d\udc7e \ud83d\ude47 \ud83d\udc81 \ud83d\ude45 \ud83d\ude46 \ud83d\ude4b \ud83d\ude4e \ud83d\ude4d", "\"''''\"'\"": "\"''''\"'\"", "http://www.cum.qc.ca/": "http://www.cum.qc.ca/", "# or reused for internal delimiters on the theory that they should never": "# or reused for internal delimiters on the theory that they should never", "ABC<div style=\"x:\\xE2\\x80\\x88expression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\xE2\\x80\\x88expression(javascript:alert(1)\">DEF", "<a href=\"\\xE3\\x80\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\xE3\\x80\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "' onfocus=JaVaSCript:alert(123) autofocus": "' onfocus=JaVaSCript:alert(123) autofocus", "<img src=\"x` `<script>javascript:alert(1)</script>\"` `>": "<img src=\"x` `<script>javascript:alert(1)</script>\"` `>", "true": "true", "\u30fb(\uffe3\u2200\uffe3)\u30fb:*:": "\u30fb(\uffe3\u2200\uffe3)\u30fb:*:", "#\tStrings which can cause user to pull in files that should not be a part of a web server": "#\tStrings which can cause user to pull in files that should not be a part of a web server", "\"`'><script>\\xE2\\x80\\x84javascript:alert(1)</script>": "\"`'><script>\\xE2\\x80\\x84javascript:alert(1)</script>", "%*.*s": "%*.*s", "<a href=\"\\x03javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x03javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "-$1.00": "-$1.00", "\u0661\u0662\u0663": "\u0661\u0662\u0663", "0xffffffff": "0xffffffff", "<img\\x47src=x onerror=\"javascript:alert(1)\">": "<img\\x47src=x onerror=\"javascript:alert(1)\">", "\"`'><script>\\xE2\\x80\\x82javascript:alert(1)</script>": "\"`'><script>\\xE2\\x80\\x82javascript:alert(1)</script>", "\"`'><script>\\x2Bjavascript:alert(1)</script>": "\"`'><script>\\x2Bjavascript:alert(1)</script>", "-1E2": "-1E2", "ABC<div style=\"x:\\xE3\\x80\\x80expression(javascript:alert(1)\">DEF": "ABC<div style=\"x:\\xE3\\x80\\x80expression(javascript:alert(1)\">DEF", "<a href=\"\\xE2\\x80\\x8Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\xE2\\x80\\x8Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "--1": "--1", "\"`'><script>\\x0Bjavascript:alert(1)</script>": "\"`'><script>\\x0Bjavascript:alert(1)</script>", "# Whitespace: all of the characters with category Zs, Zl, or Zp (in Unicode": "# Whitespace: all of the characters with category Zs, Zl, or Zp (in Unicode", "<img \\x34src=x onerror=\"javascript:alert(1)\">": "<img \\x34src=x onerror=\"javascript:alert(1)\">", ",\u3002\u30fb:*:\u30fb\u309c\u2019( \u263b \u03c9 \u263b )\u3002\u30fb:*:\u30fb\u309c\u2019": ",\u3002\u30fb:*:\u30fb\u309c\u2019( \u263b \u03c9 \u263b )\u3002\u30fb:*:\u30fb\u309c\u2019", "<a href=\"\\xE2\\x81\\x9Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\xE2\\x81\\x9Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "NULL": "NULL", "`\"'><img src=xxx:x \\x20onerror=javascript:alert(1)>": "`\"'><img src=xxx:x \\x20onerror=javascript:alert(1)>", "%": "%", "<title onpropertychange=javascript:alert(1)></title><title title=>": "<title onpropertychange=javascript:alert(1)></title><title title=>", "<img[a][b][c]src[d]=x[e]onerror=[f]\"alert(1)\">": "<img[a][b][c]src[d]=x[e]onerror=[f]\"alert(1)\">", "# Unicode additional control characters: all of the characters with": "# Unicode additional control characters: all of the characters with", "A:": "A:", "test\u2060test\u202b": "test\u2060test\u202b", "<a href=\"\\x07javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>": "<a href=\"\\x07javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "\uc6b8\ub780\ubc14\ud1a0\ub974": "\uc6b8\ub780\ubc14\ud1a0\ub974", "# treated as whitespace in some contexts.": "# treated as whitespace in some contexts.", "$USER": "$USER", "0xabad1dea": "0xabad1dea", "-0.0": "-0.0", "<img src\\x13=x onerror=\"javascript:alert(1)\">": "<img src\\x13=x onerror=\"javascript:alert(1)\">", "dontMakeAMap": true, "#\tUnicode Upsidedown": "#\tUnicode Upsidedown", "0.0/0": "0.0/0", "\"`'><script>\\xE2\\x80\\x88javascript:alert(1)</script>": "\"`'><script>\\xE2\\x80\\x88javascript:alert(1)</script>", "`\"'><img src=xxx:x \\x09onerror=javascript:alert(1)>": "`\"'><img src=xxx:x \\x09onerror=javascript:alert(1)>", "-1#IND": "-1#IND", "shitake mushrooms": "shitake mushrooms", "1 000,00": "1 000,00"}
\ No newline at end of file
diff --git a/test/test.ts b/test/test.ts
index 3851b449..0bce7db0 100755
--- a/test/test.ts
+++ b/test/test.ts
@@ -73,7 +73,8 @@ const FIXTURES: Fixture[] = [
         test: testJava,
         skip: [
             "identifiers.json",
-            "simple-identifiers.json"
+            "simple-identifiers.json",
+            "blns-object.json"
         ]
     },
     {
@@ -85,7 +86,8 @@ const FIXTURES: Fixture[] = [
         test: testGo,
         skip: [
             "identifiers.json",
-            "simple-identifiers.json"
+            "simple-identifiers.json",
+            "blns-object.json"
         ]
     },
     {
@@ -97,7 +99,8 @@ const FIXTURES: Fixture[] = [
         test: testJsonSchema,
         skip: [
             "identifiers.json",
-            "simple-identifiers.json"
+            "simple-identifiers.json",
+            "blns-object.json"
         ]
     },
     {
@@ -110,7 +113,8 @@ const FIXTURES: Fixture[] = [
         test: testElm,
         skip: [
             "identifiers.json",
-            "simple-identifiers.json"
+            "simple-identifiers.json",
+            "blns-object.json"
         ]
     },
     {
@@ -122,7 +126,8 @@ const FIXTURES: Fixture[] = [
         test: testSwift,
         skip: [
             "identifiers.json",
-            "no-classes.json"
+            "no-classes.json",
+            "blns-object.json"
         ]
     },
     {