big-list-of-naughty-strings

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

Results 103 big-list-of-naughty-strings issues

Would these be a suitable thing to document here? For example, where do you think this link will take you? http://accounts.googlе.com Sure. It LOOKS like it'll take you somewhere obvious,...

I have seen API fuzzers using rm -rf / in query params. I expect this request will blow up like the drop table thread but wanted to suggest it non...

The sequence `\n~.` will cause default-configured ssh sessions to terminate when passed as input. I realise it's horrifying but I have in fact seen this crop up in the wild...

A Java (JUnit) annotation and a plain method to test naughty strings.

Please check the synchrony of the files. When I got them, blns.base64.txt and blns.json were not in sync with blns.txt, and there's no script for updating blns.base64.json.

The comment for the Special Unicode Characters Union, a "super string recommended by VMware Inc. Globalization Team", incorrectly identifies `Œ` as `LATIN SMALL LIGATURE OE (U+0153)`, when it is actually...

Niger is a literal country in Africa. A whole country. And yet way too many systems block its name because it is close to another word that some people don't...

Systems commonly used markdown for convenience when defining templates for emails or user messages; however, markdown is often seen as benign and not properly escaped. I propose you add a...

O'[email protected] - an apostrophe in the first part of an email address is perfectly legal, opening all sorts of possible validation and sanitation issues. O'%20drop%20users%20table%[email protected]

Fixes #229 👍🏻