big-list-of-naughty-strings

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

Results 103 big-list-of-naughty-strings issues

I was working on my report [Information Dynamics on the GitHub Network](http://pravj.github.io/blog/information-dynamics-on-github/), using this repository as a (sample) popular GitHub repository, and found that the date of its [first Hacker...

The "On Testing" link in the first paragraph of the README doesn't work, because the owner of that web page has moved it to a different URL without the file...

Looks like we're getting an ever-growing list of strings which are carefully crafted injections. I believe this is entirely outside of the scope of this project. Lines 195 to...

[this attack](https://gist.github.com/balupton/3cb9a0e066ebb899d2be) on webct has two different forms, one of them is a multiline string: ``` html Thank you ``` With the newline break of the `javascript` word being part...

Now that we have a list of potential naughty strings, what do you do with it to protect yourself properly? What's the best way to use this list to protect...

"DROP TABLE users" should be replaced to avoid potential data loss.

Passing the values `CONIN$` and `CONOUT$` to `fopen` etc. on Windows returns handles to `stdin` and `stdout` respectively. Probably rarely tested against to prevent unwanted access. See: https://msdn.microsoft.com/en-us/library/windows/desktop/ms682075%28v=vs.85%29.aspx

The .txt file comments say they are 2 byte characters. Quick checking with C's strlen would also imply Korean hangul are 3 bytes as well. > # Two-Byte Characters >...