summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.clang-format90
-rw-r--r--include/base64.hpp5
-rw-r--r--include/big_list_of_naughty_strings.hpp1149
-rw-r--r--include/color_cout_g3_sink.hpp41
-rw-r--r--include/crow_g3_logger.hpp116
-rw-r--r--include/ssl_key_handler.hpp274
-rw-r--r--include/token_authorization_middleware.hpp24
-rw-r--r--include/webassets.hpp14
-rw-r--r--src/base64.cpp143
-rw-r--r--src/base64_test.cpp92
-rw-r--r--src/token_authorization_middleware.cpp79
-rw-r--r--src/token_authorization_middleware_test.cpp36
-rw-r--r--src/webserver_main.cpp30
13 files changed, 947 insertions, 1146 deletions
diff --git a/.clang-format b/.clang-format
new file mode 100644
index 0000000000..4479e2d9d0
--- /dev/null
+++ b/.clang-format
@@ -0,0 +1,90 @@
+---
+Language: Cpp
+# BasedOnStyle: Google
+AccessModifierOffset: -1
+AlignAfterOpenBracket: Align
+AlignConsecutiveAssignments: false
+AlignConsecutiveDeclarations: false
+AlignEscapedNewlinesLeft: true
+AlignOperands: true
+AlignTrailingComments: true
+AllowAllParametersOfDeclarationOnNextLine: true
+AllowShortBlocksOnASingleLine: false
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: All
+AllowShortIfStatementsOnASingleLine: true
+AllowShortLoopsOnASingleLine: true
+AlwaysBreakAfterDefinitionReturnType: None
+AlwaysBreakAfterReturnType: None
+AlwaysBreakBeforeMultilineStrings: true
+AlwaysBreakTemplateDeclarations: true
+BinPackArguments: true
+BinPackParameters: true
+BraceWrapping:
+ AfterClass: false
+ AfterControlStatement: false
+ AfterEnum: false
+ AfterFunction: false
+ AfterNamespace: false
+ AfterObjCDeclaration: false
+ AfterStruct: false
+ AfterUnion: false
+ BeforeCatch: false
+ BeforeElse: false
+ IndentBraces: false
+BreakBeforeBinaryOperators: None
+BreakBeforeBraces: Attach
+BreakBeforeTernaryOperators: true
+BreakConstructorInitializersBeforeComma: false
+ColumnLimit: 160
+CommentPragmas: '^ IWYU pragma:'
+ConstructorInitializerAllOnOneLineOrOnePerLine: true
+ConstructorInitializerIndentWidth: 4
+ContinuationIndentWidth: 4
+Cpp11BracedListStyle: true
+DerivePointerAlignment: true
+DisableFormat: false
+ExperimentalAutoDetectBinPacking: false
+ForEachMacros: [ foreach, Q_FOREACH, BOOST_FOREACH ]
+IncludeCategories:
+ - Regex: '^<.*\.h>'
+ Priority: 1
+ - Regex: '^<.*'
+ Priority: 2
+ - Regex: '.*'
+ Priority: 3
+IndentCaseLabels: true
+IndentWidth: 2
+IndentWrappedFunctionNames: false
+KeepEmptyLinesAtTheStartOfBlocks: false
+MacroBlockBegin: ''
+MacroBlockEnd: ''
+MaxEmptyLinesToKeep: 1
+NamespaceIndentation: None
+ObjCBlockIndentWidth: 2
+ObjCSpaceAfterProperty: false
+ObjCSpaceBeforeProtocolList: false
+PenaltyBreakBeforeFirstCallParameter: 1
+PenaltyBreakComment: 300
+PenaltyBreakFirstLessLess: 120
+PenaltyBreakString: 1000
+PenaltyExcessCharacter: 1000000
+PenaltyReturnTypeOnItsOwnLine: 200
+PointerAlignment: Left
+ReflowComments: true
+SortIncludes: true
+SpaceAfterCStyleCast: false
+SpaceBeforeAssignmentOperators: true
+SpaceBeforeParens: ControlStatements
+SpaceInEmptyParentheses: false
+SpacesBeforeTrailingComments: 2
+SpacesInAngles: false
+SpacesInContainerLiterals: true
+SpacesInCStyleCastParentheses: false
+SpacesInParentheses: false
+SpacesInSquareBrackets: false
+Standard: Auto
+TabWidth: 8
+UseTab: Never
+...
+
diff --git a/include/base64.hpp b/include/base64.hpp
index f5ff338cae..e024d0a48f 100644
--- a/include/base64.hpp
+++ b/include/base64.hpp
@@ -3,7 +3,6 @@
namespace base64 {
- bool base64_encode(const gsl::cstring_span<> &input, std::string &output);
- bool base64_decode(const gsl::cstring_span<> &input, std::string &output);
-
+bool base64_encode(const gsl::cstring_span<> &input, std::string &output);
+bool base64_decode(const gsl::cstring_span<> &input, std::string &output);
} \ No newline at end of file
diff --git a/include/big_list_of_naughty_strings.hpp b/include/big_list_of_naughty_strings.hpp
index 4ba27f73e4..2d1ca0dd74 100644
--- a/include/big_list_of_naughty_strings.hpp
+++ b/include/big_list_of_naughty_strings.hpp
@@ -1,687 +1,464 @@
const std::string naughty_strings[] = {
-// sourced from https://raw.githubusercontent.com/minimaxir/big-list-of-naughty-strings/master/blns.txt
-
-// Reserved Strings
-//
-// Strings which may be used elsewhere in code
-
-"undefined",
-"undef",
-"null",
-"NULL",
-"(null)",
-"nil",
-"NIL",
-"true",
-"false",
-"True",
-"False",
-"TRUE",
-"FALSE",
-"None",
-"hasOwnProperty",
-"\\",
-"\\\\",
-
-// Numeric Strings
-//
-// Strings which can be interpreted as numeric
-
-"0",
-"1",
-"1.00",
-"$1.00",
-"1/2",
-"1E2",
-"1E02",
-"1E+02",
-"-1",
-"-1.00",
-"-$1.00",
-"-1/2",
-"-1E2",
-"-1E02",
-"-1E+02",
-"1/0",
-"0/0",
-"-2147483648/-1",
-"-9223372036854775808/-1",
-"-0",
-"-0.0",
-"+0",
-"+0.0",
-"0.00",
-"0..0",
-".",
-"0.0.0",
-"0,00",
-"0,,0",
-",",
-"0,0,0",
-"0.0/0",
-"1.0/0.0",
-"0.0/0.0",
-"1,0/0,0",
-"0,0/0,0",
-"--1",
-"-",
-"-.",
-"-,",
-"999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999",
-"NaN",
-"Infinity",
-"-Infinity",
-"INF",
-"1#INF",
-"-1#IND",
-"1#QNAN",
-"1#SNAN",
-"1#IND",
-"0x0",
-"0xffffffff",
-"0xffffffffffffffff",
-"0xabad1dea",
-"123456789012345678901234567890123456789",
-"1,000.00",
-"1 000.00",
-"1'000.00",
-"1,000,000.00",
-"1 000 000.00",
-"1'000'000.00",
-"1.000,00",
-"1 000,00",
-"1'000,00",
-"1.000.000,00",
-"1 000 000,00",
-"1'000'000,00",
-"01000",
-"08",
-"09",
-"2.2250738585072011e-308",
-
-// Special Characters
-//
-// ASCII punctuation. All of these characters may need to be escaped in some
-// contexts. Divided into three groups based on (US-layout) keyboard position.
-
-",./;'[]\\-=",
-"<>?:\"{}|_+",
-"!@#$%^&*()`~",
-
-// Non-whitespace C0 controls: U+0001 through U+0008, U+000E through U+001F,
-// and U+007F (DEL)
-// Often forbidden to appear in various text-based file formats (e.g. XML),
-// or reused for internal delimiters on the theory that they should never
-// appear in input.
-// The next line may appear to be blank or mojibake in some viewers.
-"",
-
-// Non-whitespace C1 controls: U+0080 through U+0084 and U+0086 through U+009F.
-// Commonly misinterpreted as additional graphic characters.
-// The next line may appear to be blank, mojibake, or dingbats in some viewers.
-"ᅡタᅡチᅡツᅡテᅡトᅡニᅡヌᅡネᅡノᅡハᅡヒᅡフᅡヘᅡホᅡマᅡミᅡムᅡメᅡモᅡヤᅡユᅡヨᅡラᅡリᅡルᅡレᅡロᅡワᅡンᅡ゙ᅡ゚",
-
-// Whitespace: all of the characters with category Zs, Zl, or Zp (in Unicode
-// version 8.0.0), plus U+0009 (HT), U+000B (VT), U+000C (FF), U+0085 (NEL),
-// and U+200B (ZERO WIDTH SPACE), which are in the C categories but are often
-// treated as whitespace in some contexts.
-// This file unfortunately cannot express strings containing
-// U+0000, U+000A, or U+000D (NUL, LF, CR).
-// The next line may appear to be blank or mojibake in some viewers.
-// The next line may be flagged for \"trailing whitespace\" in some viewers.
-" ", " ᅡナ £レタ¬タタ¬タチ¬タツ¬タテ¬タト¬タナ¬タニ¬タヌ¬タネ¬タノ¬タハ¬タヒ¬タᄄ¬タᄅ¬タᆵ¬チ゚ ̄タタ",
-
-// Unicode additional control characters: all of the characters with
-// general category Cf (in Unicode 8.0.0).
-// The next line may appear to be blank or mojibake in some viewers.
-"ᅡᆳ￘タ￘チ￘ツ￘テ￘ト￘ナ￘ワᅴンᅵマ£ᅠホ¬タヒ¬タフ¬タヘ¬タホ¬タマ¬タᆰ¬タᆱ¬タᆲ¬タᆳ¬タᆴ¬チᅠ¬チᄀ¬チᄁ¬チᆪ¬チᄂ¬チᆭ¬チᄃ¬チᄄ¬チᄅ¬チᆰ¬チᆱ¬チᆲ¬チᆳ¬チᆴ¬チᆵ￯ᄏ﾿￯﾿ᄍ￯﾿ᄎ￯﾿ᄏ￰ムツᄑ￰ロᄇᅠ￰ロᄇᄀ￰ロᄇᄁ￰ロᄇᆪ￰ンナᄈ￰ンナᄡ￰ンナᄉ￰ンナᄊ￰ンナᄋ￰ンナᄌ￰ンナᄍ￰ンナᄎ￳ᅠタチ￳ᅠタᅠ￳ᅠタᄀ￳ᅠタᄁ￳ᅠタᆪ￳ᅠタᄂ￳ᅠタᆬ￳ᅠタᆭ￳ᅠタᄃ￳ᅠタᄄ￳ᅠタᄅ￳ᅠタᆰ￳ᅠタᆱ￳ᅠタᆲ￳ᅠタᆳ￳ᅠタᆴ￳ᅠタᆵ￳ᅠタᄚ￳ᅠタᄆ￳ᅠタᄇ￳ᅠタᄈ￳ᅠタᄡ￳ᅠタᄉ￳ᅠタᄊ￳ᅠタᄋ￳ᅠタᄌ￳ᅠタᄍ￳ᅠタᄎ￳ᅠタᄏ￳ᅠタᄐ￳ᅠタᄑ￳ᅠタᄒ￳ᅠタ﾿￳ᅠチタ￳ᅠチチ￳ᅠチツ￳ᅠチテ￳ᅠチト￳ᅠチナ￳ᅠチニ￳ᅠチヌ￳ᅠチネ￳ᅠチノ￳ᅠチハ￳ᅠチヒ￳ᅠチフ￳ᅠチヘ￳ᅠチホ￳ᅠチマ￳ᅠチミ￳ᅠチム￳ᅠチメ￳ᅠチモ￳ᅠチヤ￳ᅠチユ￳ᅠチヨ￳ᅠチラ￳ᅠチリ￳ᅠチル￳ᅠチレ￳ᅠチロ￳ᅠチワ￳ᅠチン￳ᅠヂ￳ᅠチ゚￳ᅠチᅠ￳ᅠチᄀ￳ᅠチᄁ￳ᅠチᆪ￳ᅠチᄂ￳ᅠチᆬ￳ᅠチᆭ￳ᅠチᄃ￳ᅠチᄄ￳ᅠチᄅ￳ᅠチᆰ￳ᅠチᆱ￳ᅠチᆲ￳ᅠチᆳ￳ᅠチᆴ￳ᅠチᆵ￳ᅠチᄚ￳ᅠチᄆ￳ᅠチᄇ￳ᅠチᄈ￳ᅠチᄡ￳ᅠチᄉ￳ᅠチᄊ￳ᅠチᄋ￳ᅠチᄌ￳ᅠチᄍ￳ᅠチᄎ￳ᅠチᄏ￳ᅠチᄐ￳ᅠチᄑ￳ᅠチᄒ￳ᅠチ﾿",
-
-// \"Byte order marks\", U+FEFF and U+FFFE, each on its own line.
-// The next two lines may appear to be blank or mojibake in some viewers.
-"￯ᄏ﾿",
-"￯﾿ᄒ",
-
-// Unicode Symbols
-//
-// Strings which contain common unicode symbols (e.g. smart quotes)
-
-"ᅫᄅ¬ノネᅢᄃ¬ネレ¬ネᆱᅨワᅡᄉ¬ノᄂ¬ノᆬᅢᄋ",
-"ᅢᆬᅢ゚¬ネツᅥメᅡ례ル¬ネニᅨレᅡᆲ¬タᆭᅢᆭ",
-"ᅤモ¬ネムᅡᄡᅡᆴ¬タᅠᅡᆬᅡ뗴ニᅢ죄タ¬タワ¬タリ",
-"ᅡᄀ¬ト깏ᅡᄁ¬ネ゙ᅡ다ᄊ¬タ깕ᅡᄎ¬タモ¬ノᅠ",
-"ᅡ졔ロᅢヌ¬ラハᅣ몌ワᅢツᅡᆵᅨリᅡ﾿",
-"ᅢナᅢヘᅢホᅢマᅨンᅢモᅢヤ￯ᆪ﾿ᅢメᅢレᅢニ¬リテ",
-"ᅤメ¬ダᅡᄡ¬タᄚᅨヌᅢチᅡ뗴ニᅢリ¬ネマ¬タン¬タル",
-"`¬チト¬ツᆲ¬タᄍ¬タᄎ￯ᆲチ￯ᆲツ¬タ가ᄚᅡᄋ¬タレ¬タヤᅡᄆ",
-"¬ナロ¬ナワ¬ナン¬ナ゙",
-"￐チ￐ツ￐テ￐ト￐ナ￐ニ￐ヌ￐ネ￐ノ￐ハ￐ヒ￐フ￐ヘ￐ホ￐マ￐ミ￐ム￐メ￐モ￐ヤ￐ユ￐ヨ￐ラ￐リ￐ル￐レ￐ロ￐ワ￐ン￐゙￐゚￐ᅠ￐ᄀ￐ᄁ￐ᆪ￐ᄂ￐ᆬ￐ᆭ￐ᄃ￐ᄄ￐ᄅ￐ᆰ￐ᆱ￐ᆲ￐ᆳ￐ᆴ￐ᆵ￐ᄚ￐ᄆ￐ᄇ￐ᄈ￐ᄡ￐ᄉ￐ᄊ￐ᄋ￐ᄌ￐ᄍ￐ᄎ￐ᄏ￐ᄐ￐ᄑ￐ᄒ￐﾿￑タ￑チ￑ツ￑テ￑ト￑ナ￑ニ￑ヌ￑ネ￑ノ￑ハ￑ヒ￑フ￑ヘ￑ホ￑マ",
-"￙ᅠ￙ᄀ￙ᄁ￙ᆪ￙ᄂ￙ᆬ￙ᆭ￙ᄃ￙ᄄ￙ᄅ",
-
-// Unicode Subscript/Superscript/Accents
-//
-// Strings which contain unicode subscripts/superscripts; can cause rendering issues
-
-"¬チᄚ¬チᄡ¬チᄉ",
-"¬ツタ¬ツチ¬ツツ",
-"¬チᄚ¬チᄡ¬チᄉ¬ツタ¬ツチ¬ツツ",
-"¢ᄌヤ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ ¢ᄌヤ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ ¢ᄌヤ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ",
-
-// Quotation Marks
-//
-// Strings which contain misplaced quotation marks; can cause encoding errors
-
-"'",
-"\"",
-"''",
-"\"\"",
-"'\"'",
-"\"''''\"'\"",
-"\"'\"'\"''''\"",
-"<foo val=¬タワbar¬タン />",
-"<foo val=¬タワbar¬タン />",
-"<foo val=¬タンbar¬タワ />",
-"<foo val=`bar' />",
-
-// Two-Byte Characters
-//
-// Strings which contain two-byte characters: can cause rendering issues or character-length issues
-
-"￧ヤᄚ¦ᄌᆳ ̄チユ ̄ツモ ̄チᆱ ̄チツ ̄チメ ̄チᆭ¦ᄌヒ ̄チユ ̄チト",
-" ̄テム ̄テᄐ ̄テニ ̄ツᆪ ̄テᄐ ̄チᄌ│ᄀフ ̄チヒ ̄チᆰ ̄チト ̄チヒ",
-"¥メフ│ᆪᄑ₩ᄐᄁ│ᆰ゙",
-"←テᄄ│ミᄑ₩ᅠᄐ",
-"↓ツᆲ■レフ↑ᄈᄐ■ユル↓ロミ ↓ヨᄡ■ユル↓ラᄚ↑ᄉᆲ↓ニフ",
-"↓ᄚᆭ↓ᄚᄄ→ᆬᄐ ■テタ↑ᄈᅠ ↓リᄄ ■ホᄇ↓ヒワ→ᄃᄄ↑ᄈᄐ ↓ムロ→ヒᄂ→ᆭᆲ →リᅠ→ᄚᄅ↑ᄚチ■ユリ",
-"￧ᄂᄒ₩ワテ￧ᄃム¥ᆳᄌ←ルᄁ│ᆰ゙¥ᆳᄌ￧ᅠヤ￧ᄅᄊ₩ノタ",
-"↓レᄌ→゙タ→ᄚヤ■ニᅠ→ᆬᄡ",
-"￰ᅠワホ￰ᅠワᄆ￰ᅠンᄍ￰ᅠᄆモ￰ᅠᄆᄌ￰ᅠᄇヨ￰ᅠᄈマ",
-
-// Changing length when lowercased
-//
-// Characters which increase in length (2 to 3 bytes) when lowercased
-// Credit: https://twitter.com/jifa/status/625776454479970304
-
-"￈ᄎ",
-"￈ᄒ",
-
-// Japanese Emoticons
-//
-// Strings which consists of Japanese-style emoticons which are popular on the web
-
-" ̄テᄑ¢ᄐᄐ¢ᄎネ￙トᅪワ¢ᄎネ¢ᄐᄑ￯ᄒノ  ̄テᄑ¢ᄐᄐ¢ᄎネ￙トᅪワ¢ᄎネ¢ᄐᄑ￯ᄒノ",
-"(￯ᄑᄀ¬ラユ ¬ネタ ¬ラユ￯ᄑᄀ)",
-"￯ᄑタ￯ᄑᄄ(ᅡᄡ¬ネタ￯ᄑタ¬ネᄅ",
-"__￯ᄒロ(,_,*)",
-" ̄テᄏ(￯﾿ᆪ¬ネタ￯﾿ᆪ) ̄テᄏ:*:",
-"￯ᄒ゚￯ᄑᆬ¬ワ﾿ ̄テᄒ¬ユᄇ(￯ᄑᄀ¬ラユ¬タ﾿¬ラユ￯ᄑᄀ)¬ユᄆ¬ワ﾿￯ᄑᆬ￯ᄒ゚",
-", ̄タツ ̄テᄏ:*: ̄テᄏ ̄ツワ¬タル( ¬リᄏ ᅬノ ¬リᄏ ) ̄タツ ̄テᄏ:*: ̄テᄏ ̄ツワ¬タル",
-"(¬ユᆵᅡᄚ¬ヨ가ᄚ￯ᄐノ¬ユᆵ￯ᄌᄉ ¬ヤᄏ¬ヤチ¬ヤᄏ)",
-"(￯ᄒノ¢ᄇᆬ￧ロハ¢ᄇᆬ￯ᄐノ￯ᄒノ￯ᄏ﾿ ¬ヤᄏ¬ヤチ¬ヤᄏ",
-"¬ヤᆲ¬ヤタ¬ヤᆲ ̄テホ( ᅡᄎ _ ᅡᄎ ̄テホ)",
-"( ᅪ가ᄚ ᅪワᅧヨ ᅪ가ᄚ)",
-
-// Emoji
-//
-// Strings which contain Emoji; should be the same behavior as two-byte characters, but not always
-
-"￰゚リヘ",
-"￰゚ムᄅ￰゚マᄑ",
-"￰゚ムᄒ ￰゚ルヌ ￰゚メチ ￰゚ルナ ￰゚ルニ ￰゚ルヒ ￰゚ルホ ￰゚ルヘ",
-"￰゚ミᄉ ￰゚ルネ ￰゚ルノ ￰゚ルハ",
-"¬ンᄂ￯ᄌマ ￰゚メヤ ￰゚メフ ￰゚メユ ￰゚メ゙ ￰゚メモ ￰゚メラ ￰゚メヨ ￰゚メリ ￰゚メン ￰゚メ゚ ￰゚メワ ￰゚メロ ￰゚メレ ￰゚メル",
-"¬ワヒ￰゚マ﾿ ￰゚メᆰ￰゚マ﾿ ￰゚ムミ￰゚マ﾿ ￰゚ルフ￰゚マ﾿ ￰゚ムマ￰゚マ﾿ ￰゚ルマ￰゚マ﾿",
-"￰゚レᄒ ￰゚ニメ ￰゚ニモ ￰゚ニユ ￰゚ニヨ ￰゚ニラ ￰゚ニル ￰゚マᄃ",
-"0￯ᄌマ¬テᆪ 1￯ᄌマ¬テᆪ 2￯ᄌマ¬テᆪ 3￯ᄌマ¬テᆪ 4￯ᄌマ¬テᆪ 5￯ᄌマ¬テᆪ 6￯ᄌマ¬テᆪ 7￯ᄌマ¬テᆪ 8￯ᄌマ¬テᆪ 9￯ᄌマ¬テᆪ ￰゚ヤ゚",
-
-// Regional Indicator Symbols
-//
-// Regional Indicator Symbols can be displayed differently across
-// fonts, and have a number of special behaviors
-
-"￰゚ヌᄎ￰゚ヌᄌ￰゚ヌᄋ￰゚ヌᄎ￰゚ヌᄌ ￰゚ヌᆭ￰゚ヌᆱ￰゚ヌᆭ￰゚ヌᄇ￰゚ヌᄌ",
-"￰゚ヌᄎ￰゚ヌᄌ￰゚ヌᄋ￰゚ヌᄎ￰゚ヌᄌ￰゚ヌᆭ￰゚ヌᆱ￰゚ヌᆭ￰゚ヌᄇ",
-"￰゚ヌᄎ￰゚ヌᄌ￰゚ヌᄋ￰゚ヌᄎ￰゚ヌᄌ￰゚ヌᆭ",
-
-// Unicode Numbers
-//
-// Strings which contain unicode numbers; if the code is localized, it should see the input as numeric
-
-"￯ᄐム￯ᄐメ￯ᄐモ",
-"￙ᄀ￙ᄁ￙ᆪ",
-
-// Right-To-Left Strings
-//
-// Strings which contain text that should be rendered RTL if possible (e.g. Arabic, Hebrew)
-
-"￘ᆱ￙ナ ￙ニ￙チ￘ᄈ ￘ᄈ￙ツ￘ᄋ￘ᆰ ￙ネ￘ᄄ￘ᄃ￙ト￘ᆰ￘ᆳ￘ᆵ￙ハ￘ᆵ￘フ, ￘ᆲ￘ᄇ￙ハ￘ᄆ￘ᆰ￙ハ ￘ᄄ￘ᄃ￘ᄈ￘ᆰ￘ᆴ￘ᆵ￘ᄃ￙ナ ￘ᆪ￙ニ ￘ᆵ￙ニ￙ネ. ￘ᆬ￘ᄚ ￙ヌ￙ニ￘ᄃ￘゚ ￘ᄃ￙ト￘ᄈ￘ᆰ￘ᄃ￘ᄆ ￙ネ￘ᆰ￙ニ￘ᄉ￙ハ￘ᄄ ￙テ￘ᄃ￙ニ. ￘ᆪ￙ヌ￙ム￙ト ￘ᄃ￙ハ￘ᄋ￘ᄃ￙ト￙ハ￘ᄃ￘フ ￘ᄄ￘ᄆ￙ハ￘ᄋ￘ᄃ￙ニ￙ハ￘ᄃ-￙チ￘ᄆ￙ニ￘ᄈ￘ᄃ ￙ツ￘ᆵ ￘ᆪ￘ᆴ￘ᄚ. ￘ᄈ￙ト￙ハ￙ナ￘ᄃ￙ニ￘フ ￘ᆬ￘ᆰ￙チ￘ᄃ￙ツ￙ハ￘ᄅ ￘ᄄ￙ハ￙ニ ￙ナ￘ᄃ, ￙ハ￘ᄚ￙テ￘ᄆ ￘ᄃ￙ト￘ᆳ￘ᆵ￙ネ￘ᆵ ￘ᆪ￙ハ ￘ᄄ￘ᄍ￘ᆵ, ￙ナ￘ᄍ￘ᄃ￙ナ￙ト￘ᄅ ￘ᄄ￙ネ￙ト￙ニ￘ᆵ￘ᄃ￘フ ￘ᄃ￙ト￘ᆬ￘ᄋ￙ト￘ᄃ￙ツ ￘ᄍ￙ト ￘ᆬ￙ハ￙ネ.",
-"ᅲムᅱᄚᅱ튜뛰슈ミᅲ뤼ᄡᅲチᅲルᅲᆰ, ᅲムᅱ쥐튜뛰쥬ミ ᅲミᅱ뮤ワᅱ쮸ヤᅱᄡᅲルᅲン, ᅲミᅱ슑 ᅲヤᅱ유뤼쥐튜チᅲ゙ᅱ유ルᅱᄡᅲン, ᅲユᅱᄚᅲミᅱ슑 ᅲヤᅱ쥬ミᅱ쥬뛰쓙",
-"ᅲヤᅱ쥬ルᅱᄚᅲᆰᅱ쥬ヤtest￘ᄃ￙ト￘ᄉ￙チ￘ᆳ￘ᄃ￘ᆰ ￘ᄃ￙ト￘ᆰ￙ム￘ᆳ￙ネ￙ト",
-"￯ᄋᄑ",
-"￯ᄋᄎ",
-"￙ナ￙マ￙ニ￙ホ￘ᄃ￙ツ￙ホ￘ᄡ￙ホ￘ᄅ￙マ ￘ᄈ￙マ￘ᄄ￙マ￙ト￙ミ ￘ᄃ￙ミ￘ᄈ￙メ￘ᆰ￙ミ￘ᆴ￙メ￘ᆵ￙ホ￘ᄃ￙ナ￙ミ ￘ᄃ￙ト￙ト￙ム￙マ￘ᄎ￙ホ￘ᄅ￙ミ ￙チ￙ミ￙ハ ￘ᄃ￙ト￙ニ￙ム￙マ￘ᄌ￙マ￙ナ￙ミ ￘ᄃ￙ト￙メ￙ツ￙ホ￘ᄃ￘ᆭ￙ミ￙ナ￙ホ￘ᄅ￙ミ ￙ネ￙ホ￙チ￙ミ￙ハ￙ナ ￙ハ￙ホ￘ᆴ￙マ￘ᄉ￙ム￙ホ ￘ᄃ￙ト￘ᆰ￙ム￙ホ￘ᄋ￙メ￘ᄄ￙ミ￙ハ￙ツ￙ホ￘ᄃ￘ᆰ￙マ ￘ᄃ￙ト￙メ￘ᆳ￘ᄃ￘ᄈ￙マ￙ネ￘ᄄ￙ミ￙ハ￙ム￙ホ￘ᄅ￙マ￘フ ",
-
-// Trick Unicode
-//
-// Strings which contain unicode with unusual properties (e.g. Right-to-left override) (c.f. http://www.unicode.org/charts/PDF/U2000.pdf)
-
-"¬タᆰ¬タᆰtest¬タᆰ",
-"¬タᆱtest¬タᆱ",
-"¬タᄅtest¬タᄅ",
-"test¬チᅠtest¬タᆱ",
-"¬チᆭtest¬チᄃ",
-
-// Zalgo Text
-//
-// Strings which contain \"corrupted\" text. The corruption will not appear in non-HTML text, however. (via http://www.eeemo.net)
-
-"£ᄍᄚᅩ초초ユoᅪ゙ ᅩᄋiᅩ볿ᅪヌᅩᆰᅪルnᅩンᅩラᅪユvᅩ゚ᅩワᅩリᅩᆭᅪ゚oᅩ쏘ルᅩᄚᅩᅠkᅢ똬レᅩᆴᅩ촑ᅩ쪼모ᄂ ᅩヨtᅩンᅪユᅩ뽃ᅩ콝ᅪ゙hᅩ톼モᅩ볺ᅩ뽀リᅩᄇeᅪヌᅩᆪᅩᄚᅩᆭᅩᆲᅪホ ᅩ꼬토코모リhᅪレᅪホᅪルᅩワᅩᆪᅩ봐ナiᅩᆭᅩ볷ᅩᄚᅩᄂvᅩ콰ヘeᅩ촔ᅩ뽉ᅩᄚ-mᅩᄁiᅪナnᅩヨᅩ초゙ᅩ봂ᅩᄚdᅩ소토゚ᅪルᅩ로토リᅩᄈ ᅩ゙ᅩᆬᅩ모뽌rᅩロᅩラᅩリeᅪルpᅪᅠrᅩ토゙ᅩ콠ᅩラeᅩ초ᅠᅩᆪᅪ゚sᅩリᅪヌᅩ뽜ヘᅩンᅪノeᅪノᅩᆬᅩᆵᅩ゙ᅩ봐レᅩᆲᅪワᅦ쫇ᅪホᅪホᅩ゚ᅩヨᅪヌᅩᄂtᅪヘᅩᆲᅩ놔モᅩ톬ᅪリᅪナiᅩᆰᅩᄆnᅪᅠgᅩᄡᅪノ ᅪマᅪノᅪナcᅩᆲᅩ゚hᅪᄀaᅩᆱᅩ콢ᅪリoᅩᆱᅩ゚ᅩヨᅪヘᅩルᅩンᅪノsᅩラᅩᆭᅩᄇ.ᅩ또쫘ネᅩᆪ",
-"ᅩ과モᅩ゙ᅪナIᅩラᅩリᅩᆭᅪンnᅪヌᅪヌᅪルvᅩᆴᅩᆱokᅩ볾ᅩルᅪネiᅩヨᅪルᅩᆳᅩ쪼ᅠᅩ゙nᅩ고콡ᅩᆪᅩᄎgᅩ봐ネᅪルᅩᆳᅪルᅩᆲᅪホ ᅩᄚtᅪヤᅩᆭhᅩ゙ᅩᄇeᅩ꼬ᄂ ᅪヘᅩᆲᅩ봐ヨfᅩᄡᅩリᅪユᅩᆪᅢ똬ヨ£ᄎ쫁ᅩᄅlᅪヨᅪヤᅪレiᅪモᅪレᅩᆭᅪᅠnᅪヨᅪヘᅩラᅪモᅩ뽍gᅪヘ ᅩᄄoᅪレᅩᆰᅪᄀfᅩリᅩᆪᅩᆲ ᅩヨᅩリᅪヨᅩ゚ᅪルᅩᆴcᅭノᅪヤᅩᆱᅪヨᅪモᅪヌᅪヨᅪナhᅩ소녻ᅪレᅪヤᅢ고ラᅩ톼ユᅪナoᅩ톣ᅩᆬsᅩ뫄ネᅩ초ヨᅩᆭᅩ콰ᄁ.ᅩロᅩヨᅩ゙ᅩᅠᅩᆱᅩᄚ",
-"ᅩラᅩ촤ヨᅩ쫊ᅪモ£ᄍᆴᅩ놔ヘᅩᆬᅪヌᅪネhᅩ보チeᅪマᅪモᅩ토ラᅩルᅩ톣ᅪヤ ᅪヌᅩワᅩ모ᅠᅪモᅪヘᅪナNᅪユᅪᅠeᅩラᅩᄆzᅩリᅩンᅩワᅩ촤ルpᅩ노초쫘ヘᅩᆵᅪレeᅩᅠᅩ코ᅠᅪワrᅩ또놔ヘᅩ초ヨᅪヤᅩヨᅩヨdᅩᅠᅩ゚ᅩᆳᅩᆲᅩンᅪ゚iᅩᆭᅪヨᅩ롸モᅪヤᅩᄂaᅩᅠᅩラᅩᆲᅪノᅩルnᅪレᅪワ ᅩ코゙ᅩᄚᅪレᅪナhᅩ솨ノiᅩ뽀゙vᅩ꽈ヌ£ᄌルᅪホᅪ゚-ᅭノᅩᆳᅩ로톼ヤmᅩ놄ᅩᆱiᅪユᅪヌᅩンᅩᆭnᅩラᅪル£ᄌヘᅩ゚ ᅩᆵᅩ봐ユᅪ゙ᅦᆱᅩ゚ᅩᆵᅩᄚᅩ봐ルᅩ코ンf ᅩᆰᅩᄚᅩᄚᅩラᅩヨᅩᆳᅩリᅪリcᅩᆭᅪヘᅩ보゙ᅪヘᅩ로ル£ᄌᆬᅪレaᅩᆴᅪホᅩ゚ᅩルᅪワᅥ고로쫘ホsᅩᄂ.ᅩンᅩン ᅭノZᅩ고ヨᅩワᅪヨᅩᄚᅩᆪᅪノᅩワaᅪヨᅩᄚᅪルᅩᆲᅪᄀlᅩ볾ᅩ뽜ヘᅩᄅgᅩ고゚ᅩ토뫄レᅩ゙ᅩᆲᅪナoᅩラᅪワ.ᅩ゚",
-"ᅩᆭHᅩᆲᅩ노ラᅩ놔ンeᅪワ ᅩワᅩᆬᅩンᅩ콰ヘᅩ゚ᅩチwᅩユhᅩヨᅩᆵᅪモoᅩンᅪルᅩヨᅪホᅩ몵 ᅭノᅩ초ルᅩ゙ᅩ゚ᅪネWᅩ오톬aᅩ촑ᅪヘᅣᆵᅪネᅪユᅩᆳᅪルᅩᆵᅩワtᅩ쏘톭sᅩリᅪルᅪヨᅩユ ᅩᅠᅩᆱᅩᅠBᅩ콰ヘᅪルᅪノᅩ뽜ナeᅩᄉhᅩ솗ᅪヌᅩᆱᅪルiᅩ쫘モᅩ뽀뽍ᅪホᅩᆱᅩユnᅪ゚dᅩᄡᅩᆰᅩワᅩヨ ᅩᄚᅪノᅩ롸ヌᅪルᅩ봐゙ᅪナTᅪヨᅩ톼モᅩᆰᅪᄁhᅪマᅪモᅩᆴᅩᄏeᅩᆲᅩンᅩ゚ᅪナ ᅩ노쪼ンWᅪルᅩ゙ᅩンᅪヤᅪヌᅪンᅪナaᅪマᅪモᅪヤᅩ쪼톣lᅩᄡᅪヤᅩᄚᅩ노゚ᅪヤ£ᄌ폶.ᅪユ",
-"Zᅩᆴᅩ゙ᅩᅠᅪルᅪヤᅪナ£ᄌタᅩラᅩ゙ᅪネᅩ코ラ£ᄌ쏴ルᅪホᅩᆵᅩ쪼゙ᅪモGᅩᄏOᅩᆳᅩラᅩᆴ",
-
-// Unicode Upsidedown
-//
-// Strings which contain unicode with an \"upsidedown\" effect (via http://www.upsidedowntext.com)
-
-"ᅨル￉ミnb£ᄡノl￉ミ ￉ミuᅥテ￉ミ￉ᆵ ᅦン￉ᄍolop ᅧヌᅦン ᅦン￉ᄍoq￉ミl ᅧヌn ᅧヌunp£ᄡノp£ᄡノ￉ヤu£ᄡノ ￉ᄍod￉ᆵᅦンᅧヌ po￉ᆵsn£ᄡノᅦン op pᅦンs 'ᅧヌ£ᄡノlᅦン ᅥテu£ᄡノ￉ヤs£ᄡノd£ᄡノp￉ミ ￉ᄍnᅧヌᅦンᅧヌ￉ヤᅦンsuo￉ヤ 'ᅧヌᅦン￉ᆵ￉ミ ᅧヌ£ᄡノs ￉ᄍolop ￉ᆵnsd£ᄡノ ￉ᆵᅦン￉ᄍoᅨᆬ",
-"00ᅨルᅥヨ$-",
-
-// Unicode font
-//
-// Strings which contain bold/italic/etc. versions of normal characters
-
-"￯ᄐᄡ￯ᄑネ￯ᄑナ ￯ᄑム￯ᄑユ￯ᄑノ￯ᄑテ￯ᄑヒ ￯ᄑツ￯ᄑメ￯ᄑマ￯ᄑラ￯ᄑホ ￯ᄑニ￯ᄑマ￯ᄑリ ￯ᄑハ￯ᄑユ￯ᄑヘ￯ᄑミ￯ᄑモ ￯ᄑマ￯ᄑヨ￯ᄑナ￯ᄑメ ￯ᄑヤ￯ᄑネ￯ᄑナ ￯ᄑフ￯ᄑチ￯ᄑレ￯ᄑル ￯ᄑト￯ᄑマ￯ᄑヌ",
-"￰ンミモ￰ンミᄀ￰ンミ゙ ￰ンミᆰ￰ンミᆴ￰ンミᄁ￰ンミワ￰ンミᄂ ￰ンミロ￰ンミᆱ￰ンミᄄ￰ンミᄚ￰ンミᄃ ￰ンミ゚￰ンミᄄ￰ンミᄆ ￰ンミᆪ￰ンミᆴ￰ンミᆭ￰ンミᄅ￰ンミᆲ ￰ンミᄄ￰ンミᆵ￰ンミ゙￰ンミᆱ ￰ンミᆳ￰ンミᄀ￰ンミ゙ ￰ンミᆬ￰ンミレ￰ンミᄈ￰ンミᄇ ￰ンミン￰ンミᄄ￰ンミᅠ",
-"￰ンユ﾿￰ンヨヘ￰ンヨハ ￰ンヨヨ￰ンヨレ￰ンヨホ￰ンヨネ￰ンヨミ ￰ンヨヌ￰ンヨラ￰ンヨヤ￰ンヨワ￰ンヨモ ￰ンヨヒ￰ンヨヤ￰ンヨン ￰ンヨマ￰ンヨレ￰ンヨメ￰ンヨユ￰ンヨリ ￰ンヨヤ￰ンヨロ￰ンヨハ￰ンヨラ ￰ンヨル￰ンヨヘ￰ンヨハ ￰ンヨム￰ンヨニ￰ンヨ゚￰ンヨ゙ ￰ンヨノ￰ンヨヤ￰ンヨフ",
-"￰ンムᄏ￰ンメノ￰ンメニ ￰ンメメ￰ンメヨ￰ンメハ￰ンメト￰ンメフ ￰ンメテ￰ンメモ￰ンメミ￰ンメリ￰ンメマ ￰ンメヌ￰ンメミ￰ンメル ￰ンメヒ￰ンメヨ￰ンメホ￰ンメム￰ンメヤ ￰ンメミ￰ンメラ￰ンメニ￰ンメモ ￰ンメユ￰ンメノ￰ンメニ ￰ンメヘ￰ンメツ￰ンメロ￰ンメレ ￰ンメナ￰ンメミ￰ンメネ",
-"￰ンモᆪ￰ンモᄆ￰ンモᆴ ￰ンモᄎ￰ンモᄒ￰ンモᄇ￰ンモᆲ￰ンモᄡ ￰ンモᆱ￰ンモᄏ￰ンモᄌ￰ンヤタ￰ンモᄋ ￰ンモᆵ￰ンモᄌ￰ンヤチ ￰ンモᄈ￰ンモᄒ￰ンモᄊ￰ンモᄍ￰ンモᄐ ￰ンモᄌ￰ンモ﾿￰ンモᆴ￰ンモᄏ ￰ンモᄑ￰ンモᄆ￰ンモᆴ ￰ンモᄉ￰ンモᆰ￰ンヤテ￰ンヤツ ￰ンモᆳ￰ンモᄌ￰ンモᄚ",
-"￰ンユヒ￰ンユル￰ンユヨ ￰ンユᄁ￰ンユᆭ￰ンユレ￰ンユヤ￰ンユワ ￰ンユモ￰ンユᆪ￰ンユᅠ￰ンユᄄ￰ンユ゚ ￰ンユラ￰ンユᅠ￰ンユᄅ ￰ンユロ￰ンユᆭ￰ンユ゙￰ンユᄀ￰ンユᄂ ￰ンユᅠ￰ンユᄃ￰ンユヨ￰ンユᆪ ￰ンユᆬ￰ンユル￰ンユヨ ￰ンユン￰ンユメ￰ンユᆱ￰ンユᆰ ￰ンユユ￰ンユᅠ￰ンユリ",
-"￰ンレテ￰ンレム￰ンレホ ￰ンレレ￰ンレ゙￰ンレメ￰ンレフ￰ンレヤ ￰ンレヒ￰ンレロ￰ンレリ￰ンレᅠ￰ンレラ ￰ンレマ￰ンレリ￰ンレᄀ ￰ンレモ￰ンレ゙￰ンレヨ￰ンレル￰ンレワ ￰ンレリ￰ンレ゚￰ンレホ￰ンレロ ￰ンレン￰ンレム￰ンレホ ￰ンレユ￰ンレハ￰ンレᆪ￰ンレᄁ ￰ンレヘ￰ンレリ￰ンレミ",
-"¬メᆵ¬メᆪ¬メᅠ ¬メᆲ¬メᄚ¬メᄂ¬メ゙¬メᆭ ¬メン¬メᆳ¬メᆰ¬メᄇ¬メᄅ ¬メᄀ¬メᆰ¬メᄈ ¬メᆬ¬メᄚ¬メᄄ¬メᆱ¬メᆴ ¬メᆰ¬メᄆ¬メᅠ¬メᆳ ¬メᆵ¬メᆪ¬メᅠ ¬メᄃ¬メワ¬メᄉ¬メᄡ ¬メ゚¬メᆰ¬メᄁ",
-
-// Script Injection
-//
-// Strings which attempt to invoke a benign script injection; shows vulnerability to XSS
-
-"<script>alert(123)</script>",
-"&lt;script&gt;alert(&#39;123&#39;);&lt;/script&gt;",
-"<img src=x onerror=alert(123) />",
-"<svg><script>123<1>alert(123)</script>",
-"\"><script>alert(123)</script>",
-"'><script>alert(123)</script>",
-"><script>alert(123)</script>",
-"</script><script>alert(123)</script>",
-"< / script >< script >alert(123)< / script >",
-" onfocus=JaVaSCript:alert(123) autofocus",
-"\" onfocus=JaVaSCript:alert(123) autofocus",
-"' onfocus=JaVaSCript:alert(123) autofocus",
-"￯ᄐワscript￯ᄐ゙alert(123)￯ᄐワ/script￯ᄐ゙",
-"<sc<script>ript>alert(123)</sc</script>ript>",
-"--><script>alert(123)</script>",
-"\";alert(123);t=\"",
-"';alert(123);t='",
-"JavaSCript:alert(123)",
-";alert(123);",
-"src=JaVaSCript:prompt(132)",
-"\"><script>alert(123);</script x=\"",
-"'><script>alert(123);</script x='",
-"><script>alert(123);</script x=",
-"\" autofocus onkeyup=\"javascript:alert(123)",
-"' autofocus onkeyup='javascript:alert(123)",
-"<script\\x20type=\"text/javascript\">javascript:alert(1);</script>",
-"<script\\x3Etype=\"text/javascript\">javascript:alert(1);</script>",
-"<script\\x0Dtype=\"text/javascript\">javascript:alert(1);</script>",
-"<script\\x09type=\"text/javascript\">javascript:alert(1);</script>",
-"<script\\x0Ctype=\"text/javascript\">javascript:alert(1);</script>",
-"<script\\x2Ftype=\"text/javascript\">javascript:alert(1);</script>",
-"<script\\x0Atype=\"text/javascript\">javascript:alert(1);</script>",
-"'`\"><\\x3Cscript>javascript:alert(1)</script>",
-"'`\"><\\x00script>javascript:alert(1)</script>",
-"ABC<div style=\"x\\x3Aexpression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:expression\\x5C(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:expression\\x00(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:exp\\x00ression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:exp\\x5Cression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\x0Aexpression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\x09expression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\xE3\\x80\\x80expression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\xE2\\x80\\x84expression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\xC2\\xA0expression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\xE2\\x80\\x80expression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\xE2\\x80\\x8Aexpression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\x0Dexpression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\x0Cexpression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\xE2\\x80\\x87expression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\xEF\\xBB\\xBFexpression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\x20expression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\xE2\\x80\\x88expression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\x00expression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\xE2\\x80\\x8Bexpression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\xE2\\x80\\x86expression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\xE2\\x80\\x85expression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\xE2\\x80\\x82expression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\x0Bexpression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\xE2\\x80\\x81expression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\xE2\\x80\\x83expression(javascript:alert(1)\">DEF",
-"ABC<div style=\"x:\\xE2\\x80\\x89expression(javascript:alert(1)\">DEF",
-"<a href=\"\\x0Bjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x0Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\xC2\\xA0javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x05javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\xE1\\xA0\\x8Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x18javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x11javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\xE2\\x80\\x88javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\xE2\\x80\\x89javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\xE2\\x80\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x17javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x03javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x0Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x1Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x00javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x10javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\xE2\\x80\\x82javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x20javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x13javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x09javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\xE2\\x80\\x8Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x14javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x19javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\xE2\\x80\\xAFjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x1Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\xE2\\x80\\x81javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x1Djavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\xE2\\x80\\x87javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x07javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\xE1\\x9A\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\xE2\\x80\\x83javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x04javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x01javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x08javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\xE2\\x80\\x84javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\xE2\\x80\\x86javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\xE3\\x80\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x12javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x0Djavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x0Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x0Cjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x15javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\xE2\\x80\\xA8javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x16javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x02javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x1Bjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x06javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\xE2\\x80\\xA9javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\xE2\\x80\\x85javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x1Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\xE2\\x81\\x9Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"\\x1Cjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"javascript\\x00:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"javascript\\x3A:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"javascript\\x09:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"javascript\\x0D:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"<a href=\"javascript\\x0A:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
-"`\"'><img src=xxx:x \\x0Aonerror=javascript:alert(1)>",
-"`\"'><img src=xxx:x \\x22onerror=javascript:alert(1)>",
-"`\"'><img src=xxx:x \\x0Bonerror=javascript:alert(1)>",
-"`\"'><img src=xxx:x \\x0Donerror=javascript:alert(1)>",
-"`\"'><img src=xxx:x \\x2Fonerror=javascript:alert(1)>",
-"`\"'><img src=xxx:x \\x09onerror=javascript:alert(1)>",
-"`\"'><img src=xxx:x \\x0Conerror=javascript:alert(1)>",
-"`\"'><img src=xxx:x \\x00onerror=javascript:alert(1)>",
-"`\"'><img src=xxx:x \\x27onerror=javascript:alert(1)>",
-"`\"'><img src=xxx:x \\x20onerror=javascript:alert(1)>",
-"\"`'><script>\\x3Bjavascript:alert(1)</script>",
-"\"`'><script>\\x0Djavascript:alert(1)</script>",
-"\"`'><script>\\xEF\\xBB\\xBFjavascript:alert(1)</script>",
-"\"`'><script>\\xE2\\x80\\x81javascript:alert(1)</script>",
-"\"`'><script>\\xE2\\x80\\x84javascript:alert(1)</script>",
-"\"`'><script>\\xE3\\x80\\x80javascript:alert(1)</script>",
-"\"`'><script>\\x09javascript:alert(1)</script>",
-"\"`'><script>\\xE2\\x80\\x89javascript:alert(1)</script>",
-"\"`'><script>\\xE2\\x80\\x85javascript:alert(1)</script>",
-"\"`'><script>\\xE2\\x80\\x88javascript:alert(1)</script>",
-"\"`'><script>\\x00javascript:alert(1)</script>",
-"\"`'><script>\\xE2\\x80\\xA8javascript:alert(1)</script>",
-"\"`'><script>\\xE2\\x80\\x8Ajavascript:alert(1)</script>",
-"\"`'><script>\\xE1\\x9A\\x80javascript:alert(1)</script>",
-"\"`'><script>\\x0Cjavascript:alert(1)</script>",
-"\"`'><script>\\x2Bjavascript:alert(1)</script>",
-"\"`'><script>\\xF0\\x90\\x96\\x9Ajavascript:alert(1)</script>",
-"\"`'><script>-javascript:alert(1)</script>",
-"\"`'><script>\\x0Ajavascript:alert(1)</script>",
-"\"`'><script>\\xE2\\x80\\xAFjavascript:alert(1)</script>",
-"\"`'><script>\\x7Ejavascript:alert(1)</script>",
-"\"`'><script>\\xE2\\x80\\x87javascript:alert(1)</script>",
-"\"`'><script>\\xE2\\x81\\x9Fjavascript:alert(1)</script>",
-"\"`'><script>\\xE2\\x80\\xA9javascript:alert(1)</script>",
-"\"`'><script>\\xC2\\x85javascript:alert(1)</script>",
-"\"`'><script>\\xEF\\xBF\\xAEjavascript:alert(1)</script>",
-"\"`'><script>\\xE2\\x80\\x83javascript:alert(1)</script>",
-"\"`'><script>\\xE2\\x80\\x8Bjavascript:alert(1)</script>",
-"\"`'><script>\\xEF\\xBF\\xBEjavascript:alert(1)</script>",
-"\"`'><script>\\xE2\\x80\\x80javascript:alert(1)</script>",
-"\"`'><script>\\x21javascript:alert(1)</script>",
-"\"`'><script>\\xE2\\x80\\x82javascript:alert(1)</script>",
-"\"`'><script>\\xE2\\x80\\x86javascript:alert(1)</script>",
-"\"`'><script>\\xE1\\xA0\\x8Ejavascript:alert(1)</script>",
-"\"`'><script>\\x0Bjavascript:alert(1)</script>",
-"\"`'><script>\\x20javascript:alert(1)</script>",
-"\"`'><script>\\xC2\\xA0javascript:alert(1)</script>",
-"<img \\x00src=x onerror=\"alert(1)\">",
-"<img \\x47src=x onerror=\"javascript:alert(1)\">",
-"<img \\x11src=x onerror=\"javascript:alert(1)\">",
-"<img \\x12src=x onerror=\"javascript:alert(1)\">",
-"<img\\x47src=x onerror=\"javascript:alert(1)\">",
-"<img\\x10src=x onerror=\"javascript:alert(1)\">",
-"<img\\x13src=x onerror=\"javascript:alert(1)\">",
-"<img\\x32src=x onerror=\"javascript:alert(1)\">",
-"<img\\x47src=x onerror=\"javascript:alert(1)\">",
-"<img\\x11src=x onerror=\"javascript:alert(1)\">",
-"<img \\x47src=x onerror=\"javascript:alert(1)\">",
-"<img \\x34src=x onerror=\"javascript:alert(1)\">",
-"<img \\x39src=x onerror=\"javascript:alert(1)\">",
-"<img \\x00src=x onerror=\"javascript:alert(1)\">",
-"<img src\\x09=x onerror=\"javascript:alert(1)\">",
-"<img src\\x10=x onerror=\"javascript:alert(1)\">",
-"<img src\\x13=x onerror=\"javascript:alert(1)\">",
-"<img src\\x32=x onerror=\"javascript:alert(1)\">",
-"<img src\\x12=x onerror=\"javascript:alert(1)\">",
-"<img src\\x11=x onerror=\"javascript:alert(1)\">",
-"<img src\\x00=x onerror=\"javascript:alert(1)\">",
-"<img src\\x47=x onerror=\"javascript:alert(1)\">",
-"<img src=x\\x09onerror=\"javascript:alert(1)\">",
-"<img src=x\\x10onerror=\"javascript:alert(1)\">",
-"<img src=x\\x11onerror=\"javascript:alert(1)\">",
-"<img src=x\\x12onerror=\"javascript:alert(1)\">",
-"<img src=x\\x13onerror=\"javascript:alert(1)\">",
-"<img[a][b][c]src[d]=x[e]onerror=[f]\"alert(1)\">",
-"<img src=x onerror=\\x09\"javascript:alert(1)\">",
-"<img src=x onerror=\\x10\"javascript:alert(1)\">",
-"<img src=x onerror=\\x11\"javascript:alert(1)\">",
-"<img src=x onerror=\\x12\"javascript:alert(1)\">",
-"<img src=x onerror=\\x32\"javascript:alert(1)\">",
-"<img src=x onerror=\\x00\"javascript:alert(1)\">",
-"<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a>",
-"<img src=\"x` `<script>javascript:alert(1)</script>\"` `>",
-"<img src onerror /\" '\"= alt=javascript:alert(1)//\">",
-"<title onpropertychange=javascript:alert(1)></title><title title=>",
-"<a href=http://foo.bar/#x=`y></a><img alt=\"`><img src=x:x onerror=javascript:alert(1)></a>\">",
-"<!--[if]><script>javascript:alert(1)</script -->",
-"<!--[if<img src=x onerror=javascript:alert(1)//]> -->",
-"<script src=\"/\%(jscript)s\"></script>",
-"<script src=\"\\%(jscript)s\"></script>",
-"<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">",
-"<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>",
-"<IMG SRC=# onmouseover=\"alert('xxs')\">",
-"<IMG SRC= onmouseover=\"alert('xxs')\">",
-"<IMG onmouseover=\"alert('xxs')\">",
-"<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>",
-"<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>",
-"<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>",
-"<IMG SRC=\"jav ascript:alert('XSS');\">",
-"<IMG SRC=\"jav&#x09;ascript:alert('XSS');\">",
-"<IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">",
-"<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">",
-"perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out",
-"<IMG SRC=\" &#14; javascript:alert('XSS');\">",
-"<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
-"<BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert(\"XSS\")>",
-"<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
-"<<SCRIPT>alert(\"XSS\");//<</SCRIPT>",
-"<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >",
-"<SCRIPT SRC=//ha.ckers.org/.j>",
-"<IMG SRC=\"javascript:alert('XSS')\"",
-"<iframe src=http://ha.ckers.org/scriptlet.html <",
-"\\\";alert('XSS');//",
-"<u oncopy=alert()> Copy me</u>",
-"<i onwheel=alert(1)> Scroll over me </i>",
-"<plaintext>",
-"http://a/%%30%30",
-"</textarea><script>alert(123)</script>",
-
-// SQL Injection
-//
-// Strings which can cause a SQL injection if inputs are not sanitized
-
-"1;DROP TABLE users",
-"1'; DROP TABLE users-- 1",
-"' OR 1=1 -- 1",
-"' OR '1'='1",
-" ",
-"%",
-"_",
-
-// Server Code Injection
-//
-// Strings which can cause user to run code on server as a privileged user (c.f. https://news.ycombinator.com/item?id=7665153)
-
-"-",
-"--",
-"--version",
-"--help",
-"$USER",
-"/dev/null; touch /tmp/blns.fail ; echo",
-"`touch /tmp/blns.fail`",
-"$(touch /tmp/blns.fail)",
-"@{[system \"touch /tmp/blns.fail\"]}",
-
-// Command Injection (Ruby)
-//
-// Strings which can call system commands within Ruby/Rails applications
-
-"eval(\"puts 'hello world'\")",
-"System(\"ls -al /\")",
-"`ls -al /`",
-"Kernel.exec(\"ls -al /\")",
-"Kernel.exit(1)",
-"%x('ls -al /')",
-
-// XXE Injection (XML)
-//
-// String which can reveal system files when parsed by a badly configured XML parser
-
-"<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?><!DOCTYPE foo [ <!ELEMENT foo ANY ><!ENTITY xxe SYSTEM \"file:///etc/passwd\" >]><foo>&xxe;</foo>",
-
-// Unwanted Interpolation
-//
-// Strings which can be accidentally expanded into different strings if evaluated in the wrong context, e.g. used as a printf format string or via Perl or shell eval. Might expose sensitive data from the program doing the interpolation, or might just represent the wrong string.
-
-"$HOME",
-"$ENV{'HOME'}",
-"%d",
-"%s",
-"{0}",
-"%*.*s",
-"File:///",
-
-// File Inclusion
-//
-// Strings which can cause user to pull in files that should not be a part of a web server
-
-"../../../../../../../../../../../etc/passwd%00",
-"../../../../../../../../../../../etc/hosts",
-
-// Known CVEs and Vulnerabilities
-//
-// Strings that test for known vulnerabilities
-
-"() { 0; }; touch /tmp/blns.shellshock1.fail;",
-"() { _; } >_[$($())] { touch /tmp/blns.shellshock2.fail; }",
-"<<< %s(un='%s') = %u",
-"+++ATH0",
-
-// MSDOS/Windows Special Filenames
-//
-// Strings which are reserved characters in MSDOS/Windows
-
-"CON",
-"PRN",
-"AUX",
-"CLOCK$",
-"NUL",
-"A:",
-"ZZ:",
-"COM1",
-"LPT1",
-"LPT2",
-"LPT3",
-"COM2",
-"COM3",
-"COM4",
-
-// IRC specific strings
-//
-// Strings that may occur on IRC clients that make security products freak out
-
-"DCC SEND STARTKEYLOGGER 0 0 0",
-
-// Scunthorpe Problem
-//
-// Innocuous strings which may be blocked by profanity filters (https://en.wikipedia.org/wiki/Scunthorpe_problem)
-
-"Scunthorpe General Hospital",
-"Penistone Community Church",
-"Lightwater Country Park",
-"Jimmy Clitheroe",
-"Horniman Museum",
-"shitake mushrooms",
-"RomansInSussex.co.uk",
-"http://www.cum.qc.ca/",
-"Craig Cockburn, Software Specialist",
-"Linda Callahan",
-"Dr. Herman I. Libshitz",
-"magna cum laude",
-"Super Bowl XXX",
-"medieval erection of parapets",
-"evaluate",
-"mocha",
-"expression",
-"Arsenal canal",
-"classic",
-"Tyson Gay",
-"Dick Van Dyke",
-"basement",
-
-// Human injection
-//
-// Strings which may cause human to reinterpret worldview
-
-"If you're reading this, you've been in a coma for almost 20 years now. We're trying a new technique. We don't know where this message will end up in your dream, but we hope it works. Please wake up, we miss you.",
-
-// Terminal escape codes
-//
-// Strings which punish the fools who use cat/type on this file
-
-"Roses are red, violets are blue. Hope you enjoy terminal hue",
-"But now...for my greatest trick...",
-"The quick brown fox... [Beeeep]",
-
-// iOS Vulnerabilities
-//
-// Strings which crashed iMessage in various versions of iOS
-
-"Power￙ト￙マ￙ト￙マ￘ᄉ￙ム￘ᄄ￙マ￙ト￙マ￙ト￘ᄉ￙ム￘ᄄ￙マ￘ᄆ￘ᄆ￙ヒ ¢ᆬᆪ ¢ᆬᆪh ¢ᆬᆪ ¢ᆬᆪ¥ニラ",
-"￰゚マᄈ0￰゚フネ￯ᄌマ"
-}; \ No newline at end of file
+ // sourced from https://raw.githubusercontent.com/minimaxir/big-list-of-naughty-strings/master/blns.txt
+
+ // Reserved Strings
+ //
+ // Strings which may be used elsewhere in code
+
+ "undefined", "undef", "null", "NULL", "(null)", "nil", "NIL", "true", "false", "True", "False", "TRUE", "FALSE", "None", "hasOwnProperty", "\\", "\\\\",
+
+ // Numeric Strings
+ //
+ // Strings which can be interpreted as numeric
+
+ "0", "1", "1.00", "$1.00", "1/2", "1E2", "1E02", "1E+02", "-1", "-1.00", "-$1.00", "-1/2", "-1E2", "-1E02", "-1E+02", "1/0", "0/0", "-2147483648/-1",
+ "-9223372036854775808/-1", "-0", "-0.0", "+0", "+0.0", "0.00", "0..0", ".", "0.0.0", "0,00", "0,,0", ",", "0,0,0", "0.0/0", "1.0/0.0", "0.0/0.0", "1,0/0,0",
+ "0,0/0,0", "--1", "-", "-.", "-,", "999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999", "NaN", "Infinity",
+ "-Infinity", "INF", "1#INF", "-1#IND", "1#QNAN", "1#SNAN", "1#IND", "0x0", "0xffffffff", "0xffffffffffffffff", "0xabad1dea",
+ "123456789012345678901234567890123456789", "1,000.00", "1 000.00", "1'000.00", "1,000,000.00", "1 000 000.00", "1'000'000.00", "1.000,00", "1 000,00",
+ "1'000,00", "1.000.000,00", "1 000 000,00", "1'000'000,00", "01000", "08", "09", "2.2250738585072011e-308",
+
+ // Special Characters
+ //
+ // ASCII punctuation. All of these characters may need to be escaped in some
+ // contexts. Divided into three groups based on (US-layout) keyboard position.
+
+ ",./;'[]\\-=", "<>?:\"{}|_+", "!@#$%^&*()`~",
+
+ // Non-whitespace C0 controls: U+0001 through U+0008, U+000E through U+001F,
+ // and U+007F (DEL)
+ // Often forbidden to appear in various text-based file formats (e.g. XML),
+ // or reused for internal delimiters on the theory that they should never
+ // appear in input.
+ // The next line may appear to be blank or mojibake in some viewers.
+ "",
+
+ // Non-whitespace C1 controls: U+0080 through U+0084 and U+0086 through U+009F.
+ // Commonly misinterpreted as additional graphic characters.
+ // The next line may appear to be blank, mojibake, or dingbats in some viewers.
+ "ᅡタᅡチᅡツᅡテᅡトᅡニᅡヌᅡネᅡノᅡハᅡヒᅡフᅡヘᅡホᅡマᅡミᅡムᅡメᅡモᅡヤᅡユᅡヨᅡラᅡリᅡルᅡレᅡロᅡワᅡンᅡ゙ᅡ゚",
+
+ // Whitespace: all of the characters with category Zs, Zl, or Zp (in Unicode
+ // version 8.0.0), plus U+0009 (HT), U+000B (VT), U+000C (FF), U+0085 (NEL),
+ // and U+200B (ZERO WIDTH SPACE), which are in the C categories but are often
+ // treated as whitespace in some contexts.
+ // This file unfortunately cannot express strings containing
+ // U+0000, U+000A, or U+000D (NUL, LF, CR).
+ // The next line may appear to be blank or mojibake in some viewers.
+ // The next line may be flagged for \"trailing whitespace\" in some viewers.
+ " ", " ᅡナ £レタ¬タタ¬タチ¬タツ¬タテ¬タト¬タナ¬タニ¬タヌ¬タネ¬タノ¬タハ¬タヒ¬タᄄ¬タᄅ¬タᆵ¬チ゚ ̄タタ",
+
+ // Unicode additional control characters: all of the characters with
+ // general category Cf (in Unicode 8.0.0).
+ // The next line may appear to be blank or mojibake in some viewers.
+ "ᅡᆳ￘タ￘チ￘ツ￘テ￘ト￘ナ￘ワᅴンᅵマ£ᅠホ¬タヒ¬タフ¬タヘ¬タホ¬タマ¬タᆰ¬タᆱ¬タᆲ¬タᆳ¬タᆴ¬チᅠ¬チᄀ¬チᄁ¬チᆪ¬チᄂ¬チᆭ¬チᄃ¬チᄄ¬チᄅ¬チᆰ¬チᆱ¬チᆲ¬チᆳ¬チᆴ¬チᆵ￯ᄏ﾿￯"
+ "﾿ᄍ￯﾿ᄎ￯﾿ᄏ￰ムツᄑ￰ロᄇᅠ￰ロᄇᄀ￰ロᄇᄁ￰ロᄇᆪ￰ンナᄈ￰ンナᄡ￰ンナᄉ￰ンナᄊ￰ンナᄋ￰ンナᄌ￰ンナᄍ￰ンナᄎ￳ᅠタチ￳ᅠタᅠ￳ᅠタᄀ￳ᅠタᄁ￳ᅠタᆪ￳ᅠタᄂ￳ᅠ"
+ "タᆬ￳ᅠタᆭ￳ᅠタᄃ￳ᅠタᄄ￳ᅠタᄅ￳ᅠタᆰ￳ᅠタᆱ￳ᅠタᆲ￳ᅠタᆳ￳ᅠタᆴ￳ᅠタᆵ￳ᅠタᄚ￳ᅠタᄆ￳ᅠタᄇ￳ᅠタᄈ￳ᅠタᄡ￳ᅠタᄉ￳ᅠタᄊ￳ᅠタᄋ￳ᅠタᄌ"
+ "￳ᅠタᄍ￳ᅠタᄎ￳ᅠタᄏ￳ᅠタᄐ￳ᅠタᄑ￳ᅠタᄒ￳ᅠタ﾿￳ᅠチタ￳ᅠチチ￳ᅠチツ￳ᅠチテ￳ᅠチト￳ᅠチナ￳ᅠチニ￳ᅠチヌ￳ᅠチネ￳ᅠチノ￳ᅠチハ￳ᅠチヒ"
+ "￳ᅠチフ￳ᅠチヘ￳ᅠチホ￳ᅠチマ￳ᅠチミ￳ᅠチム￳ᅠチメ￳ᅠチモ￳ᅠチヤ￳ᅠチユ￳ᅠチヨ￳ᅠチラ￳ᅠチリ￳ᅠチル￳ᅠチレ￳ᅠチロ￳ᅠチワ￳ᅠチン￳ᅠヂ"
+ "￳ᅠチ゚￳ᅠチᅠ￳ᅠチᄀ￳ᅠチᄁ￳ᅠチᆪ￳ᅠチᄂ￳ᅠチᆬ￳ᅠチᆭ￳ᅠチᄃ￳ᅠチᄄ￳ᅠチᄅ￳ᅠチᆰ￳ᅠチᆱ￳ᅠチᆲ￳ᅠチᆳ￳ᅠチᆴ￳ᅠチᆵ￳ᅠチᄚ￳ᅠチᄆ"
+ "￳ᅠチᄇ￳ᅠチᄈ￳ᅠチᄡ￳ᅠチᄉ￳ᅠチᄊ￳ᅠチᄋ￳ᅠチᄌ￳ᅠチᄍ￳ᅠチᄎ￳ᅠチᄏ￳ᅠチᄐ￳ᅠチᄑ￳ᅠチᄒ￳ᅠチ"
+ "﾿",
+
+ // \"Byte order marks\", U+FEFF and U+FFFE, each on its own line.
+ // The next two lines may appear to be blank or mojibake in some viewers.
+ "￯ᄏ﾿", "￯﾿ᄒ",
+
+ // Unicode Symbols
+ //
+ // Strings which contain common unicode symbols (e.g. smart quotes)
+
+ "ᅫᄅ¬ノネᅢᄃ¬ネレ¬ネᆱᅨワᅡᄉ¬ノᄂ¬ノᆬᅢᄋ", "ᅢᆬᅢ゚¬ネツᅥメᅡ례ル¬ネニᅨレᅡᆲ¬タᆭᅢᆭ", "ᅤモ¬ネムᅡᄡᅡᆴ¬タᅠᅡᆬᅡ뗴ニᅢ죄タ¬タワ¬タリ",
+ "ᅡᄀ¬ト깏ᅡᄁ¬ネ゙ᅡ다ᄊ¬タ깕ᅡᄎ¬タモ¬ノᅠ",
+ "ᅡ졔ロᅢヌ¬ラハᅣ몌ワᅢツᅡᆵᅨリᅡ﾿", "ᅢナᅢヘᅢホᅢマᅨンᅢモᅢヤ￯ᆪ﾿ᅢメᅢレᅢニ¬リテ",
+ "ᅤメ¬ダᅡᄡ¬タᄚᅨヌᅢチᅡ뗴ニᅢリ¬ネマ¬タン¬タル", "`¬チト¬ツᆲ¬タᄍ¬タᄎ￯ᆲチ￯ᆲツ¬タ가ᄚᅡᄋ¬タレ¬タヤᅡᄆ",
+ "¬ナロ¬ナワ¬ナン¬ナ゙",
+ "￐チ￐ツ￐テ￐ト￐ナ￐ニ￐ヌ￐ネ￐ノ￐ハ￐ヒ￐フ￐ヘ￐ホ￐マ￐ミ￐ム￐メ￐モ￐ヤ￐ユ￐ヨ￐ラ￐リ￐ル￐レ￐ロ￐ワ￐ン￐゙￐゚￐ᅠ￐ᄀ￐ᄁ￐ᆪ￐ᄂ￐ᆬ￐ᆭ"
+ "￐ᄃ￐ᄄ￐ᄅ￐ᆰ￐ᆱ￐ᆲ￐ᆳ￐ᆴ￐ᆵ￐ᄚ￐ᄆ￐ᄇ￐ᄈ￐ᄡ￐ᄉ￐ᄊ￐ᄋ￐ᄌ￐ᄍ￐ᄎ￐ᄏ￐ᄐ￐ᄑ￐ᄒ￐﾿￑タ￑チ￑ツ￑テ￑ト￑ナ￑ニ￑ヌ￑ネ￑ノ￑ハ￑ヒ￑フ"
+ "￑ヘ￑ホ￑マ",
+ "￙ᅠ￙ᄀ￙ᄁ￙ᆪ￙ᄂ￙ᆬ￙ᆭ￙ᄃ￙ᄄ￙ᄅ",
+
+ // Unicode Subscript/Superscript/Accents
+ //
+ // Strings which contain unicode subscripts/superscripts; can cause rendering issues
+
+ "¬チᄚ¬チᄡ¬チᄉ", "¬ツタ¬ツチ¬ツツ", "¬チᄚ¬チᄡ¬チᄉ¬ツタ¬ツチ¬ツツ",
+ "¢ᄌヤ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢"
+ "ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ"
+ "¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ "
+ "¢ᄌヤ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢"
+ "ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ"
+ "¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ "
+ "¢ᄌヤ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢"
+ "ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ"
+ "¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍノ¢ᄍヌ¢ᄍヌ¢ᄍヌ¢ᄍヌ",
+
+ // Quotation Marks
+ //
+ // Strings which contain misplaced quotation marks; can cause encoding errors
+
+ "'", "\"", "''", "\"\"", "'\"'", "\"''''\"'\"", "\"'\"'\"''''\"", "<foo val=¬タワbar¬タン />", "<foo val=¬タワbar¬タン />", "<foo val=¬タンbar¬タワ />",
+ "<foo val=`bar' />",
+
+ // Two-Byte Characters
+ //
+ // Strings which contain two-byte characters: can cause rendering issues or character-length issues
+
+ "￧ヤᄚ¦ᄌᆳ ̄チユ ̄ツモ ̄チᆱ ̄チツ ̄チメ ̄チᆭ¦ᄌヒ ̄チユ ̄チト", " ̄テム ̄テᄐ ̄テニ ̄ツᆪ ̄テᄐ ̄チᄌ│ᄀフ ̄チヒ ̄チᆰ ̄チト ̄チヒ",
+ "¥メフ│ᆪᄑ₩ᄐᄁ│ᆰ゙", "←テᄄ│ミᄑ₩ᅠᄐ", "↓ツᆲ■レフ↑ᄈᄐ■ユル↓ロミ ↓ヨᄡ■ユル↓ラᄚ↑ᄉᆲ↓ニフ",
+ "↓ᄚᆭ↓ᄚᄄ→ᆬᄐ ■テタ↑ᄈᅠ ↓リᄄ ■ホᄇ↓ヒワ→ᄃᄄ↑ᄈᄐ ↓ムロ→ヒᄂ→ᆭᆲ "
+ "→リᅠ→ᄚᄅ↑ᄚチ■ユリ",
+ "￧ᄂᄒ₩ワテ￧ᄃム¥ᆳᄌ←ルᄁ│ᆰ゙¥ᆳᄌ￧ᅠヤ￧ᄅᄊ₩ノタ", "↓レᄌ→゙タ→ᄚヤ■ニᅠ→ᆬᄡ",
+ "￰ᅠワホ￰ᅠワᄆ￰ᅠンᄍ￰ᅠᄆモ￰ᅠᄆᄌ￰ᅠᄇヨ￰ᅠᄈマ",
+
+ // Changing length when lowercased
+ //
+ // Characters which increase in length (2 to 3 bytes) when lowercased
+ // Credit: https://twitter.com/jifa/status/625776454479970304
+
+ "￈ᄎ", "￈ᄒ",
+
+ // Japanese Emoticons
+ //
+ // Strings which consists of Japanese-style emoticons which are popular on the web
+
+ " ̄テᄑ¢ᄐᄐ¢ᄎネ￙トᅪワ¢ᄎネ¢ᄐᄑ￯ᄒノ  ̄テᄑ¢ᄐᄐ¢ᄎネ￙トᅪワ¢ᄎネ¢ᄐᄑ￯ᄒノ",
+ "(￯ᄑᄀ¬ラユ ¬ネタ ¬ラユ￯ᄑᄀ)", "￯ᄑタ￯ᄑᄄ(ᅡᄡ¬ネタ￯ᄑタ¬ネᄅ", "__￯ᄒロ(,_,*)",
+ " ̄テᄏ(￯﾿ᆪ¬ネタ￯﾿ᆪ) ̄テᄏ:*:",
+ "￯ᄒ゚￯ᄑᆬ¬ワ﾿ ̄テᄒ¬ユᄇ(￯ᄑᄀ¬ラユ¬タ﾿¬ラユ￯ᄑᄀ)¬ユᄆ¬ワ﾿￯ᄑᆬ￯ᄒ゚",
+ ", ̄タツ ̄テᄏ:*: ̄テᄏ ̄ツワ¬タル( ¬リᄏ ᅬノ ¬リᄏ ) ̄タツ ̄テᄏ:*: ̄テᄏ ̄ツワ¬タル",
+ "(¬ユᆵᅡᄚ¬ヨ가ᄚ￯ᄐノ¬ユᆵ￯ᄌᄉ ¬ヤᄏ¬ヤチ¬ヤᄏ)",
+ "(￯ᄒノ¢ᄇᆬ￧ロハ¢ᄇᆬ￯ᄐノ￯ᄒノ￯ᄏ﾿ ¬ヤᄏ¬ヤチ¬ヤᄏ", "¬ヤᆲ¬ヤタ¬ヤᆲ ̄テホ( ᅡᄎ _ ᅡᄎ ̄テホ)", "( ᅪ가ᄚ ᅪワᅧヨ ᅪ가ᄚ)",
+
+ // Emoji
+ //
+ // Strings which contain Emoji; should be the same behavior as two-byte characters, but not always
+
+ "￰゚リヘ", "￰゚ムᄅ￰゚マᄑ", "￰゚ムᄒ ￰゚ルヌ ￰゚メチ ￰゚ルナ ￰゚ルニ ￰゚ルヒ ￰゚ルホ ￰゚ルヘ",
+ "￰゚ミᄉ ￰゚ルネ ￰゚ルノ ￰゚ルハ",
+ "¬ンᄂ￯ᄌマ ￰゚メヤ ￰゚メフ ￰゚メユ ￰゚メ゙ ￰゚メモ ￰゚メラ ￰゚メヨ ￰゚メリ ￰゚メン ￰゚メ゚ ￰゚メワ ￰゚メロ ￰゚メレ "
+ "￰゚メル",
+ "¬ワヒ￰゚マ﾿ ￰゚メᆰ￰゚マ﾿ ￰゚ムミ￰゚マ﾿ ￰゚ルフ￰゚マ﾿ ￰゚ムマ￰゚マ﾿ ￰゚ルマ￰゚マ﾿",
+ "￰゚レᄒ ￰゚ニメ ￰゚ニモ ￰゚ニユ ￰゚ニヨ ￰゚ニラ ￰゚ニル ￰゚マᄃ",
+ "0￯ᄌマ¬テᆪ 1￯ᄌマ¬テᆪ 2￯ᄌマ¬テᆪ 3￯ᄌマ¬テᆪ 4￯ᄌマ¬テᆪ 5￯ᄌマ¬テᆪ 6￯ᄌマ¬テᆪ 7￯ᄌマ¬テᆪ 8￯ᄌマ¬テᆪ 9￯ᄌマ¬テᆪ "
+ "￰゚ヤ゚",
+
+ // Regional Indicator Symbols
+ //
+ // Regional Indicator Symbols can be displayed differently across
+ // fonts, and have a number of special behaviors
+
+ "￰゚ヌᄎ￰゚ヌᄌ￰゚ヌᄋ￰゚ヌᄎ￰゚ヌᄌ ￰゚ヌᆭ￰゚ヌᆱ￰゚ヌᆭ￰゚ヌᄇ￰゚ヌᄌ",
+ "￰゚ヌᄎ￰゚ヌᄌ￰゚ヌᄋ￰゚ヌᄎ￰゚ヌᄌ￰゚ヌᆭ￰゚ヌᆱ￰゚ヌᆭ￰゚ヌᄇ",
+ "￰゚ヌᄎ￰゚ヌᄌ￰゚ヌᄋ￰゚ヌᄎ￰゚ヌᄌ￰゚ヌᆭ",
+
+ // Unicode Numbers
+ //
+ // Strings which contain unicode numbers; if the code is localized, it should see the input as numeric
+
+ "￯ᄐム￯ᄐメ￯ᄐモ", "￙ᄀ￙ᄁ￙ᆪ",
+
+ // Right-To-Left Strings
+ //
+ // Strings which contain text that should be rendered RTL if possible (e.g. Arabic, Hebrew)
+
+ "￘ᆱ￙ナ ￙ニ￙チ￘ᄈ ￘ᄈ￙ツ￘ᄋ￘ᆰ ￙ネ￘ᄄ￘ᄃ￙ト￘ᆰ￘ᆳ￘ᆵ￙ハ￘ᆵ￘フ, ￘ᆲ￘ᄇ￙ハ￘ᄆ￘ᆰ￙ハ ￘ᄄ￘ᄃ￘ᄈ￘ᆰ￘ᆴ￘ᆵ￘ᄃ￙ナ ￘ᆪ￙ニ "
+ "￘ᆵ￙ニ￙ネ. ￘ᆬ￘ᄚ ￙ヌ￙ニ￘ᄃ￘゚ ￘ᄃ￙ト￘ᄈ￘ᆰ￘ᄃ￘ᄆ ￙ネ￘ᆰ￙ニ￘ᄉ￙ハ￘ᄄ ￙テ￘ᄃ￙ニ. ￘ᆪ￙ヌ￙ム￙ト ￘ᄃ￙ハ￘ᄋ￘ᄃ￙ト￙ハ￘ᄃ￘フ "
+ "￘ᄄ￘ᄆ￙ハ￘ᄋ￘ᄃ￙ニ￙ハ￘ᄃ-￙チ￘ᄆ￙ニ￘ᄈ￘ᄃ ￙ツ￘ᆵ ￘ᆪ￘ᆴ￘ᄚ. ￘ᄈ￙ト￙ハ￙ナ￘ᄃ￙ニ￘フ ￘ᆬ￘ᆰ￙チ￘ᄃ￙ツ￙ハ￘ᄅ ￘ᄄ￙ハ￙ニ "
+ "￙ナ￘ᄃ, ￙ハ￘ᄚ￙テ￘ᄆ ￘ᄃ￙ト￘ᆳ￘ᆵ￙ネ￘ᆵ ￘ᆪ￙ハ ￘ᄄ￘ᄍ￘ᆵ, ￙ナ￘ᄍ￘ᄃ￙ナ￙ト￘ᄅ ￘ᄄ￙ネ￙ト￙ニ￘ᆵ￘ᄃ￘フ "
+ "￘ᄃ￙ト￘ᆬ￘ᄋ￙ト￘ᄃ￙ツ ￘ᄍ￙ト ￘ᆬ￙ハ￙ネ.",
+ "ᅲムᅱᄚᅱ튜뛰슈ミᅲ뤼ᄡᅲチᅲルᅲᆰ, ᅲムᅱ쥐튜뛰쥬ミ ᅲミᅱ뮤ワᅱ쮸ヤᅱᄡᅲルᅲン, ᅲミᅱ슑 ᅲヤᅱ유뤼쥐튜チᅲ゙ᅱ유ルᅱᄡᅲン, ᅲユᅱᄚᅲミᅱ슑 ᅲヤᅱ쥬ミᅱ쥬뛰쓙",
+ "ᅲヤᅱ쥬ルᅱᄚᅲᆰᅱ쥬ヤtest￘ᄃ￙ト￘ᄉ￙チ￘ᆳ￘ᄃ￘ᆰ ￘ᄃ￙ト￘ᆰ￙ム￘ᆳ￙ネ￙ト", "￯ᄋᄑ",
+ "￯ᄋᄎ",
+ "￙ナ￙マ￙ニ￙ホ￘ᄃ￙ツ￙ホ￘ᄡ￙ホ￘ᄅ￙マ ￘ᄈ￙マ￘ᄄ￙マ￙ト￙ミ ￘ᄃ￙ミ￘ᄈ￙メ￘ᆰ￙ミ￘ᆴ￙メ￘ᆵ￙ホ￘ᄃ￙ナ￙ミ "
+ "￘ᄃ￙ト￙ト￙ム￙マ￘ᄎ￙ホ￘ᄅ￙ミ ￙チ￙ミ￙ハ ￘ᄃ￙ト￙ニ￙ム￙マ￘ᄌ￙マ￙ナ￙ミ ￘ᄃ￙ト￙メ￙ツ￙ホ￘ᄃ￘ᆭ￙ミ￙ナ￙ホ￘ᄅ￙ミ "
+ "￙ネ￙ホ￙チ￙ミ￙ハ￙ナ ￙ハ￙ホ￘ᆴ￙マ￘ᄉ￙ム￙ホ ￘ᄃ￙ト￘ᆰ￙ム￙ホ￘ᄋ￙メ￘ᄄ￙ミ￙ハ￙ツ￙ホ￘ᄃ￘ᆰ￙マ "
+ "￘ᄃ￙ト￙メ￘ᆳ￘ᄃ￘ᄈ￙マ￙ネ￘ᄄ￙ミ￙ハ￙ム￙ホ￘ᄅ￙マ￘フ ",
+
+ // Trick Unicode
+ //
+ // Strings which contain unicode with unusual properties (e.g. Right-to-left override) (c.f. http://www.unicode.org/charts/PDF/U2000.pdf)
+
+ "¬タᆰ¬タᆰtest¬タᆰ", "¬タᆱtest¬タᆱ", "¬タᄅtest¬タᄅ", "test¬チᅠtest¬タᆱ", "¬チᆭtest¬チᄃ",
+
+ // Zalgo Text
+ //
+ // Strings which contain \"corrupted\" text. The corruption will not appear in non-HTML text, however. (via http://www.eeemo.net)
+
+ "£ᄍᄚᅩ초초ユoᅪ゙ ᅩᄋiᅩ볿ᅪヌᅩᆰᅪルnᅩンᅩラᅪユvᅩ゚ᅩワᅩリᅩᆭᅪ゚oᅩ쏘ルᅩᄚᅩᅠkᅢ똬レᅩᆴᅩ촑ᅩ쪼모ᄂ ᅩヨtᅩンᅪユᅩ뽃ᅩ콝ᅪ゙hᅩ톼モᅩ볺ᅩ뽀リᅩᄇeᅪヌᅩᆪᅩᄚᅩᆭᅩᆲᅪホ "
+ "ᅩ꼬토코모リhᅪレᅪホᅪルᅩワᅩᆪᅩ봐ナiᅩᆭᅩ볷ᅩᄚᅩᄂvᅩ콰ヘeᅩ촔ᅩ뽉ᅩᄚ-mᅩᄁiᅪナnᅩヨᅩ초゙ᅩ봂ᅩᄚdᅩ소토゚ᅪルᅩ로토リᅩᄈ "
+ "ᅩ゙ᅩᆬᅩ모뽌rᅩロᅩラᅩリeᅪルpᅪᅠrᅩ토゙ᅩ콠ᅩラeᅩ초ᅠᅩᆪᅪ゚sᅩリᅪヌᅩ뽜ヘᅩンᅪノeᅪノᅩᆬᅩᆵᅩ゙ᅩ봐レᅩᆲᅪワᅦ쫇ᅪホᅪホᅩ゚ᅩヨᅪヌᅩᄂtᅪヘᅩᆲᅩ놔モᅩ톬ᅪリᅪナiᅩᆰᅩᄆnᅪᅠgᅩᄡᅪノ "
+ "ᅪマᅪノᅪナcᅩᆲᅩ゚hᅪᄀaᅩᆱᅩ콢ᅪリoᅩᆱᅩ゚ᅩヨᅪヘᅩルᅩンᅪノsᅩラᅩᆭᅩᄇ.ᅩ또쫘ネᅩᆪ",
+ "ᅩ과モᅩ゙ᅪナIᅩラᅩリᅩᆭᅪンnᅪヌᅪヌᅪルvᅩᆴᅩᆱokᅩ볾ᅩルᅪネiᅩヨᅪルᅩᆳᅩ쪼ᅠᅩ゙nᅩ고콡ᅩᆪᅩᄎgᅩ봐ネᅪルᅩᆳᅪルᅩᆲᅪホ ᅩᄚtᅪヤᅩᆭhᅩ゙ᅩᄇeᅩ꼬ᄂ "
+ "ᅪヘᅩᆲᅩ봐ヨfᅩᄡᅩリᅪユᅩᆪᅢ똬ヨ£ᄎ쫁ᅩᄅlᅪヨᅪヤᅪレiᅪモᅪレᅩᆭᅪᅠnᅪヨᅪヘᅩラᅪモᅩ뽍gᅪヘ ᅩᄄoᅪレᅩᆰᅪᄀfᅩリᅩᆪᅩᆲ "
+ "ᅩヨᅩリᅪヨᅩ゚ᅪルᅩᆴcᅭノᅪヤᅩᆱᅪヨᅪモᅪヌᅪヨᅪナhᅩ소녻ᅪレᅪヤᅢ고ラᅩ톼ユᅪナoᅩ톣ᅩᆬsᅩ뫄ネᅩ초ヨᅩᆭᅩ콰ᄁ."
+ "ᅩロᅩヨᅩ゙ᅩᅠᅩᆱᅩᄚ",
+ "ᅩラᅩ촤ヨᅩ쫊ᅪモ£ᄍᆴᅩ놔ヘᅩᆬᅪヌᅪネhᅩ보チeᅪマᅪモᅩ토ラᅩルᅩ톣ᅪヤ "
+ "ᅪヌᅩワᅩ모ᅠᅪモᅪヘᅪナNᅪユᅪᅠeᅩラᅩᄆzᅩリᅩンᅩワᅩ촤ルpᅩ노초쫘ヘᅩᆵᅪレeᅩᅠᅩ코ᅠᅪワrᅩ또놔ヘᅩ초ヨᅪヤᅩヨᅩヨdᅩᅠᅩ゚ᅩᆳᅩᆲᅩンᅪ゚iᅩᆭᅪヨᅩ롸モᅪヤᅩᄂaᅩᅠᅩラᅩᆲᅪノᅩルnᅪレᅪワ "
+ "ᅩ코゙ᅩᄚᅪレᅪナhᅩ솨ノiᅩ뽀゙vᅩ꽈ヌ£ᄌルᅪホᅪ゚-ᅭノᅩᆳᅩ로톼ヤmᅩ놄ᅩᆱiᅪユᅪヌᅩンᅩᆭnᅩラᅪル£ᄌヘᅩ゚ ᅩᆵᅩ봐ユᅪ゙ᅦᆱᅩ゚ᅩᆵᅩᄚᅩ봐ルᅩ코ンf "
+ "ᅩᆰᅩᄚᅩᄚᅩラᅩヨᅩᆳᅩリᅪリcᅩᆭᅪヘᅩ보゙ᅪヘᅩ로ル£ᄌᆬᅪレaᅩᆴᅪホᅩ゚ᅩルᅪワᅥ고로쫘ホsᅩᄂ.ᅩンᅩン ᅭノZᅩ고ヨᅩワᅪヨᅩᄚᅩᆪᅪノᅩワaᅪヨᅩᄚᅪルᅩᆲᅪᄀlᅩ볾ᅩ뽜ヘᅩᄅgᅩ고゚ᅩ토뫄レᅩ゙ᅩᆲᅪナoᅩラᅪワ.ᅩ゚",
+ "ᅩᆭHᅩᆲᅩ노ラᅩ놔ンeᅪワ ᅩワᅩᆬᅩンᅩ콰ヘᅩ゚ᅩチwᅩユhᅩヨᅩᆵᅪモoᅩンᅪルᅩヨᅪホᅩ몵 ᅭノᅩ초ルᅩ゙ᅩ゚ᅪネWᅩ오톬aᅩ촑ᅪヘᅣᆵᅪネᅪユᅩᆳᅪルᅩᆵᅩワtᅩ쏘톭sᅩリᅪルᅪヨᅩユ "
+ "ᅩᅠᅩᆱᅩᅠBᅩ콰ヘᅪルᅪノᅩ뽜ナeᅩᄉhᅩ솗ᅪヌᅩᆱᅪルiᅩ쫘モᅩ뽀뽍ᅪホᅩᆱᅩユnᅪ゚dᅩᄡᅩᆰᅩワᅩヨ ᅩᄚᅪノᅩ롸ヌᅪルᅩ봐゙ᅪナTᅪヨᅩ톼モᅩᆰᅪᄁhᅪマᅪモᅩᆴᅩᄏeᅩᆲᅩンᅩ゚ᅪナ "
+ "ᅩ노쪼ンWᅪルᅩ゙ᅩンᅪヤᅪヌᅪンᅪナaᅪマᅪモᅪヤᅩ쪼톣lᅩᄡᅪヤᅩᄚᅩ노゚ᅪヤ£ᄌ폶.ᅪユ",
+ "Zᅩᆴᅩ゙ᅩᅠᅪルᅪヤᅪナ£ᄌタᅩラᅩ゙ᅪネᅩ코ラ£ᄌ쏴ルᅪホᅩᆵᅩ쪼゙ᅪモGᅩᄏOᅩᆳᅩラᅩᆴ",
+
+ // Unicode Upsidedown
+ //
+ // Strings which contain unicode with an \"upsidedown\" effect (via http://www.upsidedowntext.com)
+
+ "ᅨル￉ミnb£ᄡノl￉ミ ￉ミuᅥテ￉ミ￉ᆵ ᅦン￉ᄍolop ᅧヌᅦン ᅦン￉ᄍoq￉ミl ᅧヌn ᅧヌunp£ᄡノp£ᄡノ￉ヤu£ᄡノ ￉ᄍod￉ᆵᅦンᅧヌ po￉ᆵsn£ᄡノᅦン op pᅦンs 'ᅧヌ£ᄡノlᅦン "
+ "ᅥテu£ᄡノ￉ヤs£ᄡノd£ᄡノp￉ミ ￉ᄍnᅧヌᅦンᅧヌ￉ヤᅦンsuo￉ヤ 'ᅧヌᅦン￉ᆵ￉ミ ᅧヌ£ᄡノs ￉ᄍolop ￉ᆵnsd£ᄡノ "
+ "￉ᆵᅦン￉ᄍoᅨᆬ",
+ "00ᅨルᅥヨ$-",
+
+ // Unicode font
+ //
+ // Strings which contain bold/italic/etc. versions of normal characters
+
+ "￯ᄐᄡ￯ᄑネ￯ᄑナ ￯ᄑム￯ᄑユ￯ᄑノ￯ᄑテ￯ᄑヒ ￯ᄑツ￯ᄑメ￯ᄑマ￯ᄑラ￯ᄑホ ￯ᄑニ￯ᄑマ￯ᄑリ ￯ᄑハ￯ᄑユ￯ᄑヘ￯ᄑミ￯ᄑモ ￯ᄑマ￯ᄑヨ￯ᄑナ￯ᄑメ ￯ᄑヤ￯ᄑネ￯ᄑナ "
+ "￯ᄑフ￯ᄑチ￯ᄑレ￯ᄑル ￯ᄑト￯ᄑマ￯ᄑヌ",
+ "￰ンミモ￰ンミᄀ￰ンミ゙ ￰ンミᆰ￰ンミᆴ￰ンミᄁ￰ンミワ￰ンミᄂ ￰ンミロ￰ンミᆱ￰ンミᄄ￰ンミᄚ￰ンミᄃ ￰ンミ゚￰ンミᄄ￰ンミᄆ ￰ンミᆪ￰ンミᆴ￰ンミᆭ￰ンミᄅ￰ンミᆲ "
+ "￰ンミᄄ￰ンミᆵ￰ンミ゙￰ンミᆱ ￰ンミᆳ￰ンミᄀ￰ンミ゙ ￰ンミᆬ￰ンミレ￰ンミᄈ￰ンミᄇ "
+ "￰ンミン￰ンミᄄ￰ンミᅠ",
+ "￰ンユ﾿￰ンヨヘ￰ンヨハ ￰ンヨヨ￰ンヨレ￰ンヨホ￰ンヨネ￰ンヨミ ￰ンヨヌ￰ンヨラ￰ンヨヤ￰ンヨワ￰ンヨモ ￰ンヨヒ￰ンヨヤ￰ンヨン ￰ンヨマ￰ンヨレ￰ンヨメ￰ンヨユ￰ンヨリ "
+ "￰ンヨヤ￰ンヨロ￰ンヨハ￰ンヨラ ￰ンヨル￰ンヨヘ￰ンヨハ ￰ンヨム￰ンヨニ￰ンヨ゚￰ンヨ゙ "
+ "￰ンヨノ￰ンヨヤ￰ンヨフ",
+ "￰ンムᄏ￰ンメノ￰ンメニ ￰ンメメ￰ンメヨ￰ンメハ￰ンメト￰ンメフ ￰ンメテ￰ンメモ￰ンメミ￰ンメリ￰ンメマ ￰ンメヌ￰ンメミ￰ンメル ￰ンメヒ￰ンメヨ￰ンメホ￰ンメム￰ンメヤ "
+ "￰ンメミ￰ンメラ￰ンメニ￰ンメモ ￰ンメユ￰ンメノ￰ンメニ ￰ンメヘ￰ンメツ￰ンメロ￰ンメレ "
+ "￰ンメナ￰ンメミ￰ンメネ",
+ "￰ンモᆪ￰ンモᄆ￰ンモᆴ ￰ンモᄎ￰ンモᄒ￰ンモᄇ￰ンモᆲ￰ンモᄡ ￰ンモᆱ￰ンモᄏ￰ンモᄌ￰ンヤタ￰ンモᄋ ￰ンモᆵ￰ンモᄌ￰ンヤチ ￰ンモᄈ￰ンモᄒ￰ンモᄊ￰ンモᄍ￰ンモᄐ "
+ "￰ンモᄌ￰ンモ﾿￰ンモᆴ￰ンモᄏ ￰ンモᄑ￰ンモᄆ￰ンモᆴ ￰ンモᄉ￰ンモᆰ￰ンヤテ￰ンヤツ "
+ "￰ンモᆳ￰ンモᄌ￰ンモᄚ",
+ "￰ンユヒ￰ンユル￰ンユヨ ￰ンユᄁ￰ンユᆭ￰ンユレ￰ンユヤ￰ンユワ ￰ンユモ￰ンユᆪ￰ンユᅠ￰ンユᄄ￰ンユ゚ ￰ンユラ￰ンユᅠ￰ンユᄅ ￰ンユロ￰ンユᆭ￰ンユ゙￰ンユᄀ￰ンユᄂ "
+ "￰ンユᅠ￰ンユᄃ￰ンユヨ￰ンユᆪ ￰ンユᆬ￰ンユル￰ンユヨ ￰ンユン￰ンユメ￰ンユᆱ￰ンユᆰ "
+ "￰ンユユ￰ンユᅠ￰ンユリ",
+ "￰ンレテ￰ンレム￰ンレホ ￰ンレレ￰ンレ゙￰ンレメ￰ンレフ￰ンレヤ ￰ンレヒ￰ンレロ￰ンレリ￰ンレᅠ￰ンレラ ￰ンレマ￰ンレリ￰ンレᄀ ￰ンレモ￰ンレ゙￰ンレヨ￰ンレル￰ンレワ "
+ "￰ンレリ￰ンレ゚￰ンレホ￰ンレロ ￰ンレン￰ンレム￰ンレホ ￰ンレユ￰ンレハ￰ンレᆪ￰ンレᄁ "
+ "￰ンレヘ￰ンレリ￰ンレミ",
+ "¬メᆵ¬メᆪ¬メᅠ ¬メᆲ¬メᄚ¬メᄂ¬メ゙¬メᆭ ¬メン¬メᆳ¬メᆰ¬メᄇ¬メᄅ ¬メᄀ¬メᆰ¬メᄈ ¬メᆬ¬メᄚ¬メᄄ¬メᆱ¬メᆴ ¬メᆰ¬メᄆ¬メᅠ¬メᆳ ¬メᆵ¬メᆪ¬メᅠ ¬メᄃ¬メワ¬メᄉ¬メᄡ "
+ "¬メ゚¬メᆰ¬メᄁ",
+
+ // Script Injection
+ //
+ // Strings which attempt to invoke a benign script injection; shows vulnerability to XSS
+
+ "<script>alert(123)</script>", "&lt;script&gt;alert(&#39;123&#39;);&lt;/script&gt;", "<img src=x onerror=alert(123) />",
+ "<svg><script>123<1>alert(123)</script>", "\"><script>alert(123)</script>", "'><script>alert(123)</script>", "><script>alert(123)</script>",
+ "</script><script>alert(123)</script>", "< / script >< script >alert(123)< / script >", " onfocus=JaVaSCript:alert(123) autofocus",
+ "\" onfocus=JaVaSCript:alert(123) autofocus", "' onfocus=JaVaSCript:alert(123) autofocus", "￯ᄐワscript￯ᄐ゙alert(123)￯ᄐワ/script￯ᄐ゙",
+ "<sc<script>ript>alert(123)</sc</script>ript>", "--><script>alert(123)</script>", "\";alert(123);t=\"", "';alert(123);t='", "JavaSCript:alert(123)",
+ ";alert(123);", "src=JaVaSCript:prompt(132)", "\"><script>alert(123);</script x=\"", "'><script>alert(123);</script x='", "><script>alert(123);</script x=",
+ "\" autofocus onkeyup=\"javascript:alert(123)", "' autofocus onkeyup='javascript:alert(123)",
+ "<script\\x20type=\"text/javascript\">javascript:alert(1);</script>", "<script\\x3Etype=\"text/javascript\">javascript:alert(1);</script>",
+ "<script\\x0Dtype=\"text/javascript\">javascript:alert(1);</script>", "<script\\x09type=\"text/javascript\">javascript:alert(1);</script>",
+ "<script\\x0Ctype=\"text/javascript\">javascript:alert(1);</script>", "<script\\x2Ftype=\"text/javascript\">javascript:alert(1);</script>",
+ "<script\\x0Atype=\"text/javascript\">javascript:alert(1);</script>", "'`\"><\\x3Cscript>javascript:alert(1)</script>",
+ "'`\"><\\x00script>javascript:alert(1)</script>", "ABC<div style=\"x\\x3Aexpression(javascript:alert(1)\">DEF",
+ "ABC<div style=\"x:expression\\x5C(javascript:alert(1)\">DEF", "ABC<div style=\"x:expression\\x00(javascript:alert(1)\">DEF",
+ "ABC<div style=\"x:exp\\x00ression(javascript:alert(1)\">DEF", "ABC<div style=\"x:exp\\x5Cression(javascript:alert(1)\">DEF",
+ "ABC<div style=\"x:\\x0Aexpression(javascript:alert(1)\">DEF", "ABC<div style=\"x:\\x09expression(javascript:alert(1)\">DEF",
+ "ABC<div style=\"x:\\xE3\\x80\\x80expression(javascript:alert(1)\">DEF", "ABC<div style=\"x:\\xE2\\x80\\x84expression(javascript:alert(1)\">DEF",
+ "ABC<div style=\"x:\\xC2\\xA0expression(javascript:alert(1)\">DEF", "ABC<div style=\"x:\\xE2\\x80\\x80expression(javascript:alert(1)\">DEF",
+ "ABC<div style=\"x:\\xE2\\x80\\x8Aexpression(javascript:alert(1)\">DEF", "ABC<div style=\"x:\\x0Dexpression(javascript:alert(1)\">DEF",
+ "ABC<div style=\"x:\\x0Cexpression(javascript:alert(1)\">DEF", "ABC<div style=\"x:\\xE2\\x80\\x87expression(javascript:alert(1)\">DEF",
+ "ABC<div style=\"x:\\xEF\\xBB\\xBFexpression(javascript:alert(1)\">DEF", "ABC<div style=\"x:\\x20expression(javascript:alert(1)\">DEF",
+ "ABC<div style=\"x:\\xE2\\x80\\x88expression(javascript:alert(1)\">DEF", "ABC<div style=\"x:\\x00expression(javascript:alert(1)\">DEF",
+ "ABC<div style=\"x:\\xE2\\x80\\x8Bexpression(javascript:alert(1)\">DEF", "ABC<div style=\"x:\\xE2\\x80\\x86expression(javascript:alert(1)\">DEF",
+ "ABC<div style=\"x:\\xE2\\x80\\x85expression(javascript:alert(1)\">DEF", "ABC<div style=\"x:\\xE2\\x80\\x82expression(javascript:alert(1)\">DEF",
+ "ABC<div style=\"x:\\x0Bexpression(javascript:alert(1)\">DEF", "ABC<div style=\"x:\\xE2\\x80\\x81expression(javascript:alert(1)\">DEF",
+ "ABC<div style=\"x:\\xE2\\x80\\x83expression(javascript:alert(1)\">DEF", "ABC<div style=\"x:\\xE2\\x80\\x89expression(javascript:alert(1)\">DEF",
+ "<a href=\"\\x0Bjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x0Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\xC2\\xA0javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x05javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\xE1\\xA0\\x8Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x18javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x11javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\xE2\\x80\\x88javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\xE2\\x80\\x89javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\xE2\\x80\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x17javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x03javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x0Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x1Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x00javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x10javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\xE2\\x80\\x82javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x20javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x13javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x09javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\xE2\\x80\\x8Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x14javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x19javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\xE2\\x80\\xAFjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x1Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\xE2\\x80\\x81javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x1Djavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\xE2\\x80\\x87javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x07javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\xE1\\x9A\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\xE2\\x80\\x83javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x04javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x01javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x08javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\xE2\\x80\\x84javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\xE2\\x80\\x86javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\xE3\\x80\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x12javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x0Djavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x0Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x0Cjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x15javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\xE2\\x80\\xA8javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x16javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x02javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x1Bjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x06javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\xE2\\x80\\xA9javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\xE2\\x80\\x85javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x1Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\xE2\\x81\\x9Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"\\x1Cjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"javascript\\x00:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"javascript\\x3A:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"javascript\\x09:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"javascript\\x0D:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+ "<a href=\"javascript\\x0A:javascript:alert(1)\" id=\"fuzzelement1\">test</a>", "`\"'><img src=xxx:x \\x0Aonerror=javascript:alert(1)>",
+ "`\"'><img src=xxx:x \\x22onerror=javascript:alert(1)>", "`\"'><img src=xxx:x \\x0Bonerror=javascript:alert(1)>",
+ "`\"'><img src=xxx:x \\x0Donerror=javascript:alert(1)>", "`\"'><img src=xxx:x \\x2Fonerror=javascript:alert(1)>",
+ "`\"'><img src=xxx:x \\x09onerror=javascript:alert(1)>", "`\"'><img src=xxx:x \\x0Conerror=javascript:alert(1)>",
+ "`\"'><img src=xxx:x \\x00onerror=javascript:alert(1)>", "`\"'><img src=xxx:x \\x27onerror=javascript:alert(1)>",
+ "`\"'><img src=xxx:x \\x20onerror=javascript:alert(1)>", "\"`'><script>\\x3Bjavascript:alert(1)</script>", "\"`'><script>\\x0Djavascript:alert(1)</script>",
+ "\"`'><script>\\xEF\\xBB\\xBFjavascript:alert(1)</script>", "\"`'><script>\\xE2\\x80\\x81javascript:alert(1)</script>",
+ "\"`'><script>\\xE2\\x80\\x84javascript:alert(1)</script>", "\"`'><script>\\xE3\\x80\\x80javascript:alert(1)</script>",
+ "\"`'><script>\\x09javascript:alert(1)</script>", "\"`'><script>\\xE2\\x80\\x89javascript:alert(1)</script>",
+ "\"`'><script>\\xE2\\x80\\x85javascript:alert(1)</script>", "\"`'><script>\\xE2\\x80\\x88javascript:alert(1)</script>",
+ "\"`'><script>\\x00javascript:alert(1)</script>", "\"`'><script>\\xE2\\x80\\xA8javascript:alert(1)</script>",
+ "\"`'><script>\\xE2\\x80\\x8Ajavascript:alert(1)</script>", "\"`'><script>\\xE1\\x9A\\x80javascript:alert(1)</script>",
+ "\"`'><script>\\x0Cjavascript:alert(1)</script>", "\"`'><script>\\x2Bjavascript:alert(1)</script>",
+ "\"`'><script>\\xF0\\x90\\x96\\x9Ajavascript:alert(1)</script>", "\"`'><script>-javascript:alert(1)</script>",
+ "\"`'><script>\\x0Ajavascript:alert(1)</script>", "\"`'><script>\\xE2\\x80\\xAFjavascript:alert(1)</script>",
+ "\"`'><script>\\x7Ejavascript:alert(1)</script>", "\"`'><script>\\xE2\\x80\\x87javascript:alert(1)</script>",
+ "\"`'><script>\\xE2\\x81\\x9Fjavascript:alert(1)</script>", "\"`'><script>\\xE2\\x80\\xA9javascript:alert(1)</script>",
+ "\"`'><script>\\xC2\\x85javascript:alert(1)</script>", "\"`'><script>\\xEF\\xBF\\xAEjavascript:alert(1)</script>",
+ "\"`'><script>\\xE2\\x80\\x83javascript:alert(1)</script>", "\"`'><script>\\xE2\\x80\\x8Bjavascript:alert(1)</script>",
+ "\"`'><script>\\xEF\\xBF\\xBEjavascript:alert(1)</script>", "\"`'><script>\\xE2\\x80\\x80javascript:alert(1)</script>",
+ "\"`'><script>\\x21javascript:alert(1)</script>", "\"`'><script>\\xE2\\x80\\x82javascript:alert(1)</script>",
+ "\"`'><script>\\xE2\\x80\\x86javascript:alert(1)</script>", "\"`'><script>\\xE1\\xA0\\x8Ejavascript:alert(1)</script>",
+ "\"`'><script>\\x0Bjavascript:alert(1)</script>", "\"`'><script>\\x20javascript:alert(1)</script>", "\"`'><script>\\xC2\\xA0javascript:alert(1)</script>",
+ "<img \\x00src=x onerror=\"alert(1)\">", "<img \\x47src=x onerror=\"javascript:alert(1)\">", "<img \\x11src=x onerror=\"javascript:alert(1)\">",
+ "<img \\x12src=x onerror=\"javascript:alert(1)\">", "<img\\x47src=x onerror=\"javascript:alert(1)\">", "<img\\x10src=x onerror=\"javascript:alert(1)\">",
+ "<img\\x13src=x onerror=\"javascript:alert(1)\">", "<img\\x32src=x onerror=\"javascript:alert(1)\">", "<img\\x47src=x onerror=\"javascript:alert(1)\">",
+ "<img\\x11src=x onerror=\"javascript:alert(1)\">", "<img \\x47src=x onerror=\"javascript:alert(1)\">", "<img \\x34src=x onerror=\"javascript:alert(1)\">",
+ "<img \\x39src=x onerror=\"javascript:alert(1)\">", "<img \\x00src=x onerror=\"javascript:alert(1)\">", "<img src\\x09=x onerror=\"javascript:alert(1)\">",
+ "<img src\\x10=x onerror=\"javascript:alert(1)\">", "<img src\\x13=x onerror=\"javascript:alert(1)\">", "<img src\\x32=x onerror=\"javascript:alert(1)\">",
+ "<img src\\x12=x onerror=\"javascript:alert(1)\">", "<img src\\x11=x onerror=\"javascript:alert(1)\">", "<img src\\x00=x onerror=\"javascript:alert(1)\">",
+ "<img src\\x47=x onerror=\"javascript:alert(1)\">", "<img src=x\\x09onerror=\"javascript:alert(1)\">", "<img src=x\\x10onerror=\"javascript:alert(1)\">",
+ "<img src=x\\x11onerror=\"javascript:alert(1)\">", "<img src=x\\x12onerror=\"javascript:alert(1)\">", "<img src=x\\x13onerror=\"javascript:alert(1)\">",
+ "<img[a][b][c]src[d]=x[e]onerror=[f]\"alert(1)\">", "<img src=x onerror=\\x09\"javascript:alert(1)\">", "<img src=x onerror=\\x10\"javascript:alert(1)\">",
+ "<img src=x onerror=\\x11\"javascript:alert(1)\">", "<img src=x onerror=\\x12\"javascript:alert(1)\">", "<img src=x onerror=\\x32\"javascript:alert(1)\">",
+ "<img src=x onerror=\\x00\"javascript:alert(1)\">", "<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a>",
+ "<img src=\"x` `<script>javascript:alert(1)</script>\"` `>", "<img src onerror /\" '\"= alt=javascript:alert(1)//\">",
+ "<title onpropertychange=javascript:alert(1)></title><title title=>",
+ "<a href=http://foo.bar/#x=`y></a><img alt=\"`><img src=x:x onerror=javascript:alert(1)></a>\">", "<!--[if]><script>javascript:alert(1)</script -->",
+ "<!--[if<img src=x onerror=javascript:alert(1)//]> -->", "<script src=\"/\%(jscript)s\"></script>", "<script src=\"\\%(jscript)s\"></script>",
+ "<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">", "<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>", "<IMG SRC=# onmouseover=\"alert('xxs')\">",
+ "<IMG SRC= onmouseover=\"alert('xxs')\">", "<IMG onmouseover=\"alert('xxs')\">",
+ "<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>",
+ "<IMG "
+ "SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#"
+ "0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>",
+ "<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>",
+ "<IMG SRC=\"jav ascript:alert('XSS');\">", "<IMG SRC=\"jav&#x09;ascript:alert('XSS');\">", "<IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">",
+ "<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">", "perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out",
+ "<IMG SRC=\" &#14; javascript:alert('XSS');\">", "<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
+ "<BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert(\"XSS\")>", "<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>", "<<SCRIPT>alert(\"XSS\");//<</SCRIPT>",
+ "<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >", "<SCRIPT SRC=//ha.ckers.org/.j>", "<IMG SRC=\"javascript:alert('XSS')\"",
+ "<iframe src=http://ha.ckers.org/scriptlet.html <", "\\\";alert('XSS');//", "<u oncopy=alert()> Copy me</u>", "<i onwheel=alert(1)> Scroll over me </i>",
+ "<plaintext>", "http://a/%%30%30", "</textarea><script>alert(123)</script>",
+
+ // SQL Injection
+ //
+ // Strings which can cause a SQL injection if inputs are not sanitized
+
+ "1;DROP TABLE users", "1'; DROP TABLE users-- 1", "' OR 1=1 -- 1", "' OR '1'='1", " ", "%", "_",
+
+ // Server Code Injection
+ //
+ // Strings which can cause user to run code on server as a privileged user (c.f. https://news.ycombinator.com/item?id=7665153)
+
+ "-", "--", "--version", "--help", "$USER", "/dev/null; touch /tmp/blns.fail ; echo", "`touch /tmp/blns.fail`", "$(touch /tmp/blns.fail)",
+ "@{[system \"touch /tmp/blns.fail\"]}",
+
+ // Command Injection (Ruby)
+ //
+ // Strings which can call system commands within Ruby/Rails applications
+
+ "eval(\"puts 'hello world'\")", "System(\"ls -al /\")", "`ls -al /`", "Kernel.exec(\"ls -al /\")", "Kernel.exit(1)", "%x('ls -al /')",
+
+ // XXE Injection (XML)
+ //
+ // String which can reveal system files when parsed by a badly configured XML parser
+
+ "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?><!DOCTYPE foo [ <!ELEMENT foo ANY ><!ENTITY xxe SYSTEM \"file:///etc/passwd\" >]><foo>&xxe;</foo>",
+
+ // Unwanted Interpolation
+ //
+ // Strings which can be accidentally expanded into different strings if evaluated in the wrong context, e.g. used as a printf format string or via Perl or
+ //shell eval. Might expose sensitive data from the program doing the interpolation, or might just represent the wrong string.
+
+ "$HOME", "$ENV{'HOME'}", "%d", "%s", "{0}", "%*.*s", "File:///",
+
+ // File Inclusion
+ //
+ // Strings which can cause user to pull in files that should not be a part of a web server
+
+ "../../../../../../../../../../../etc/passwd%00", "../../../../../../../../../../../etc/hosts",
+
+ // Known CVEs and Vulnerabilities
+ //
+ // Strings that test for known vulnerabilities
+
+ "() { 0; }; touch /tmp/blns.shellshock1.fail;", "() { _; } >_[$($())] { touch /tmp/blns.shellshock2.fail; }", "<<< %s(un='%s') = %u", "+++ATH0",
+
+ // MSDOS/Windows Special Filenames
+ //
+ // Strings which are reserved characters in MSDOS/Windows
+
+ "CON", "PRN", "AUX", "CLOCK$", "NUL", "A:", "ZZ:", "COM1", "LPT1", "LPT2", "LPT3", "COM2", "COM3", "COM4",
+
+ // IRC specific strings
+ //
+ // Strings that may occur on IRC clients that make security products freak out
+
+ "DCC SEND STARTKEYLOGGER 0 0 0",
+
+ // Scunthorpe Problem
+ //
+ // Innocuous strings which may be blocked by profanity filters (https://en.wikipedia.org/wiki/Scunthorpe_problem)
+
+ "Scunthorpe General Hospital", "Penistone Community Church", "Lightwater Country Park", "Jimmy Clitheroe", "Horniman Museum", "shitake mushrooms",
+ "RomansInSussex.co.uk", "http://www.cum.qc.ca/", "Craig Cockburn, Software Specialist", "Linda Callahan", "Dr. Herman I. Libshitz", "magna cum laude",
+ "Super Bowl XXX", "medieval erection of parapets", "evaluate", "mocha", "expression", "Arsenal canal", "classic", "Tyson Gay", "Dick Van Dyke", "basement",
+
+ // Human injection
+ //
+ // Strings which may cause human to reinterpret worldview
+
+ "If you're reading this, you've been in a coma for almost 20 years now. We're trying a new technique. We don't know where this message will end up in your "
+ "dream, but we hope it works. Please wake up, we miss you.",
+
+ // Terminal escape codes
+ //
+ // Strings which punish the fools who use cat/type on this file
+
+ "Roses are red, violets are blue. Hope you enjoy terminal hue", "But now...for my greatest trick...",
+ "The quick brown fox... [Beeeep]",
+
+ // iOS Vulnerabilities
+ //
+ // Strings which crashed iMessage in various versions of iOS
+
+ "Power￙ト￙マ￙ト￙マ￘ᄉ￙ム￘ᄄ￙マ￙ト￙マ￙ト￘ᄉ￙ム￘ᄄ￙マ￘ᄆ￘ᄆ￙ヒ ¢ᆬᆪ ¢ᆬᆪh ¢ᆬᆪ "
+ "¢ᆬᆪ¥ニラ",
+ "￰゚マᄈ0￰゚フネ￯ᄌマ"}; \ No newline at end of file
diff --git a/include/color_cout_g3_sink.hpp b/include/color_cout_g3_sink.hpp
index cd98fac05d..a92bf9432e 100644
--- a/include/color_cout_g3_sink.hpp
+++ b/include/color_cout_g3_sink.hpp
@@ -1,26 +1,29 @@
#pragma once
-namespace crow
-{
- struct ColorCoutSink {
-
+namespace crow {
+struct ColorCoutSink {
// Linux xterm color
// http://stackoverflow.com/questions/2616906/how-do-i-output-coloured-text-to-a-linux-terminal
- enum FG_Color {YELLOW = 33, RED = 31, GREEN=32, WHITE = 97};
-
- FG_Color GetColor(const LEVELS level) const {
- if (level.value == WARNING.value) { return YELLOW; }
- if (level.value == DEBUG.value) { return GREEN; }
- if (g3::internal::wasFatal(level)) { return RED; }
+ enum FG_Color { YELLOW = 33, RED = 31, GREEN = 32, WHITE = 97 };
- return WHITE;
+ FG_Color GetColor(const LEVELS level) const {
+ if (level.value == WARNING.value) {
+ return YELLOW;
}
-
- void ReceiveLogMessage(g3::LogMessageMover logEntry) {
- auto level = logEntry.get()._level;
- auto color = GetColor(level);
-
- std::cout << "\033[" << color << "m"
- << logEntry.get().toString() << "\033[m";
+ if (level.value == DEBUG.value) {
+ return GREEN;
+ }
+ if (g3::internal::wasFatal(level)) {
+ return RED;
}
- };
+
+ return WHITE;
+ }
+
+ void ReceiveLogMessage(g3::LogMessageMover logEntry) {
+ auto level = logEntry.get()._level;
+ auto color = GetColor(level);
+
+ std::cout << "\033[" << color << "m" << logEntry.get().toString() << "\033[m";
+ }
+};
} \ No newline at end of file
diff --git a/include/crow_g3_logger.hpp b/include/crow_g3_logger.hpp
index e39269a579..a7e7d9ffbf 100644
--- a/include/crow_g3_logger.hpp
+++ b/include/crow_g3_logger.hpp
@@ -5,88 +5,70 @@
// but deletes the ILogHandler interface, as usage of that would be counter to the g3
// handler management, and would cause performance issues.
-
-#include <string>
#include <cstdio>
#include <cstdlib>
#include <ctime>
#include <iostream>
#include <sstream>
+#include <string>
#include <g3log/g3log.hpp>
#include <g3log/logworker.hpp>
-namespace crow
-{
- enum class LogLevel
- {
+namespace crow {
+enum class LogLevel {
#ifndef ERROR
- DEBUG = 0,
- INFO,
- WARNING,
- ERROR,
- CRITICAL,
+ DEBUG = 0,
+ INFO,
+ WARNING,
+ ERROR,
+ CRITICAL,
#endif
- Debug = 0,
- Info,
- Warning,
- Error,
- Critical,
- };
-
- class logger {
-
- public:
-
-
- logger(std::string prefix, LogLevel level) : level_(level) {
- // no op, let g3 handle th log levels
-
- }
-
- //
- template <typename T>
- logger& operator<<(T const &value) {
-
- #ifdef CROW_ENABLE_LOGGING
- if(level_ >= get_current_log_level()) {
- stringstream_ << value;
- }
- #endif
- return *this;
- }
+ Debug = 0,
+ Info,
+ Warning,
+ Error,
+ Critical,
+};
+
+class logger {
+ public:
+ logger(std::string prefix, LogLevel level) : level_(level) {
+ // no op, let g3 handle th log levels
+ }
+
+ //
+ template <typename T>
+ logger& operator<<(T const& value) {
+#ifdef CROW_ENABLE_LOGGING
+ if (level_ >= get_current_log_level()) {
+ stringstream_ << value;
+ }
+#endif
+ return *this;
+ }
- //
- static void setLogLevel(LogLevel level) {
- get_log_level_ref() = level;
- }
+ //
+ static void setLogLevel(LogLevel level) { get_log_level_ref() = level; }
- static LogLevel get_current_log_level() {
- return get_log_level_ref();
- }
+ static LogLevel get_current_log_level() { return get_log_level_ref(); }
- private:
- //
- static LogLevel& get_log_level_ref()
- {
- static LogLevel current_level = (LogLevel)CROW_LOG_LEVEL;
- return current_level;
- }
+ private:
+ //
+ static LogLevel& get_log_level_ref() {
+ static LogLevel current_level = (LogLevel)CROW_LOG_LEVEL;
+ return current_level;
+ }
- //
- std::ostringstream stringstream_;
- LogLevel level_;
- };
+ //
+ std::ostringstream stringstream_;
+ LogLevel level_;
+};
}
-#define CROW_LOG_CRITICAL \
- LOG(FATAL)
-#define CROW_LOG_ERROR \
- LOG(WARNING)
-#define CROW_LOG_WARNING \
- LOG(WARNING)
-#define CROW_LOG_INFO \
- LOG(INFO)
-#define CROW_LOG_DEBUG \
- LOG(DEBUG)
+#define CROW_LOG_CRITICAL LOG(FATAL)
+#define CROW_LOG_ERROR LOG(WARNING)
+#define CROW_LOG_WARNING LOG(WARNING)
+#define CROW_LOG_INFO LOG(INFO)
+#define CROW_LOG_DEBUG LOG(DEBUG)
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp
index a658d9cb0e..69eae13dbb 100644
--- a/include/ssl_key_handler.hpp
+++ b/include/ssl_key_handler.hpp
@@ -11,172 +11,162 @@
#include <openssl/rsa.h>
#include <openssl/ssl.h>
-namespace ensuressl
-{
+namespace ensuressl {
static void init_openssl(void);
static void cleanup_openssl(void);
static EVP_PKEY *create_rsa_key(void);
static void handle_openssl_error(void);
-inline bool verify_openssl_key_cert(const std::string &filepath)
-{
- bool private_key_valid = false;
- bool cert_valid = false;
- FILE *file = fopen(filepath.c_str(), "r");
- if (file != NULL){
- EVP_PKEY *pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL);
- int rc;
- if (pkey) {
- int type = EVP_PKEY_type(pkey->type);
- switch (type) {
- case EVP_PKEY_RSA:
- case EVP_PKEY_RSA2: {
- RSA *rsa = EVP_PKEY_get1_RSA(pkey);
- rc = RSA_check_key(rsa);
- if (rc == 1) {
- private_key_valid = true;
- }
-
- //RSA_free(rsa);
-
- break;
- }
- default:
- break;
- }
-
- if (private_key_valid) {
- X509 *x509 = PEM_read_X509(file, NULL, NULL, NULL);
- unsigned long err = ERR_get_error();
-
- rc = X509_verify(x509, pkey);
- err = ERR_get_error();
- if (err == 0 && rc == 1) {
- cert_valid = true;
- }
- }
-
- EVP_PKEY_free(pkey);
+inline bool verify_openssl_key_cert(const std::string &filepath) {
+ bool private_key_valid = false;
+ bool cert_valid = false;
+ FILE *file = fopen(filepath.c_str(), "r");
+ if (file != NULL) {
+ EVP_PKEY *pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL);
+ int rc;
+ if (pkey) {
+ int type = EVP_PKEY_type(pkey->type);
+ switch (type) {
+ case EVP_PKEY_RSA:
+ case EVP_PKEY_RSA2: {
+ RSA *rsa = EVP_PKEY_get1_RSA(pkey);
+ rc = RSA_check_key(rsa);
+ if (rc == 1) {
+ private_key_valid = true;
+ }
+
+ // RSA_free(rsa);
+
+ break;
}
- fclose(file);
+ default:
+ break;
+ }
+
+ if (private_key_valid) {
+ X509 *x509 = PEM_read_X509(file, NULL, NULL, NULL);
+ unsigned long err = ERR_get_error();
+
+ rc = X509_verify(x509, pkey);
+ err = ERR_get_error();
+ if (err == 0 && rc == 1) {
+ cert_valid = true;
+ }
+ }
+
+ EVP_PKEY_free(pkey);
}
- return cert_valid;
+ fclose(file);
+ }
+ return cert_valid;
}
-inline void generate_ssl_certificate(const std::string &filepath)
-{
- EVP_PKEY *pPrivKey = NULL;
- FILE *pFile = NULL;
- init_openssl();
-
- pPrivKey = create_rsa_key();
-
- // Use this code to directly generate a certificate
- X509 *x509;
- x509 = X509_new();
- if (x509) {
- // TODO get actually random int
- ASN1_INTEGER_set(X509_get_serialNumber(x509), 1584);
-
- // not before this moment
- X509_gmtime_adj(X509_get_notBefore(x509), 0);
- // Cert is valid for 10 years
- X509_gmtime_adj(X509_get_notAfter(x509), 60L * 60L * 24L * 365L * 10L);
-
- // set the public key to the key we just generated
- X509_set_pubkey(x509, pPrivKey);
-
- // Get the subject name
- X509_NAME *name;
- name = X509_get_subject_name(x509);
-
- X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char *)"US", -1,
- -1, 0);
- X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
- (unsigned char *)"Intel BMC", -1, -1, 0);
- X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
- (unsigned char *)"testhost", -1, -1, 0);
- // set the CSR options
- X509_set_issuer_name(x509, name);
-
- // Sign the certificate with our private key
- X509_sign(x509, pPrivKey, EVP_sha256());
-
- pFile = fopen(filepath.c_str(), "wt");
-
- if (pFile) {
- PEM_write_PrivateKey(pFile, pPrivKey, NULL, NULL, 0, 0, NULL);
- PEM_write_X509(pFile, x509);
- fclose(pFile);
- pFile = NULL;
- }
+inline void generate_ssl_certificate(const std::string &filepath) {
+ EVP_PKEY *pPrivKey = NULL;
+ FILE *pFile = NULL;
+ init_openssl();
- X509_free(x509);
- }
+ pPrivKey = create_rsa_key();
+
+ // Use this code to directly generate a certificate
+ X509 *x509;
+ x509 = X509_new();
+ if (x509) {
+ // TODO get actually random int
+ ASN1_INTEGER_set(X509_get_serialNumber(x509), 1584);
+
+ // not before this moment
+ X509_gmtime_adj(X509_get_notBefore(x509), 0);
+ // Cert is valid for 10 years
+ X509_gmtime_adj(X509_get_notAfter(x509), 60L * 60L * 24L * 365L * 10L);
+
+ // set the public key to the key we just generated
+ X509_set_pubkey(x509, pPrivKey);
+
+ // Get the subject name
+ X509_NAME *name;
+ name = X509_get_subject_name(x509);
+
+ X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char *)"US", -1, -1, 0);
+ X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (unsigned char *)"Intel BMC", -1, -1, 0);
+ X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char *)"testhost", -1, -1, 0);
+ // set the CSR options
+ X509_set_issuer_name(x509, name);
+
+ // Sign the certificate with our private key
+ X509_sign(x509, pPrivKey, EVP_sha256());
- if (pPrivKey) {
- EVP_PKEY_free(pPrivKey);
- pPrivKey = NULL;
+ pFile = fopen(filepath.c_str(), "wt");
+
+ if (pFile) {
+ PEM_write_PrivateKey(pFile, pPrivKey, NULL, NULL, 0, 0, NULL);
+ PEM_write_X509(pFile, x509);
+ fclose(pFile);
+ pFile = NULL;
}
- //cleanup_openssl();
+ X509_free(x509);
+ }
+
+ if (pPrivKey) {
+ EVP_PKEY_free(pPrivKey);
+ pPrivKey = NULL;
+ }
+
+ // cleanup_openssl();
}
-EVP_PKEY *create_rsa_key(void)
-{
- RSA *pRSA = NULL;
- EVP_PKEY *pKey = NULL;
- pRSA = RSA_generate_key(2048, RSA_3, NULL, NULL);
- pKey = EVP_PKEY_new();
- if (pRSA && pKey && EVP_PKEY_assign_RSA(pKey, pRSA)) {
- /* pKey owns pRSA from now */
- if (RSA_check_key(pRSA) <= 0) {
- fprintf(stderr, "RSA_check_key failed.\n");
- handle_openssl_error();
- EVP_PKEY_free(pKey);
- pKey = NULL;
- }
- } else {
- handle_openssl_error();
- if (pRSA) {
- RSA_free(pRSA);
- pRSA = NULL;
- }
- if (pKey) {
- EVP_PKEY_free(pKey);
- pKey = NULL;
- }
+EVP_PKEY *create_rsa_key(void) {
+ RSA *pRSA = NULL;
+ EVP_PKEY *pKey = NULL;
+ pRSA = RSA_generate_key(2048, RSA_3, NULL, NULL);
+ pKey = EVP_PKEY_new();
+ if (pRSA && pKey && EVP_PKEY_assign_RSA(pKey, pRSA)) {
+ /* pKey owns pRSA from now */
+ if (RSA_check_key(pRSA) <= 0) {
+ fprintf(stderr, "RSA_check_key failed.\n");
+ handle_openssl_error();
+ EVP_PKEY_free(pKey);
+ pKey = NULL;
+ }
+ } else {
+ handle_openssl_error();
+ if (pRSA) {
+ RSA_free(pRSA);
+ pRSA = NULL;
}
- return pKey;
+ if (pKey) {
+ EVP_PKEY_free(pKey);
+ pKey = NULL;
+ }
+ }
+ return pKey;
}
-void init_openssl(void)
-{
- if (SSL_library_init()) {
- SSL_load_error_strings();
- OpenSSL_add_all_algorithms();
- RAND_load_file("/dev/urandom", 1024);
- } else
- exit(EXIT_FAILURE);
+void init_openssl(void) {
+ if (SSL_library_init()) {
+ SSL_load_error_strings();
+ OpenSSL_add_all_algorithms();
+ RAND_load_file("/dev/urandom", 1024);
+ } else
+ exit(EXIT_FAILURE);
}
-void cleanup_openssl(void)
-{
- CRYPTO_cleanup_all_ex_data();
- ERR_free_strings();
- ERR_remove_thread_state(0);
- EVP_cleanup();
+void cleanup_openssl(void) {
+ CRYPTO_cleanup_all_ex_data();
+ ERR_free_strings();
+ ERR_remove_thread_state(0);
+ EVP_cleanup();
}
void handle_openssl_error(void) { ERR_print_errors_fp(stderr); }
-inline void ensure_openssl_key_present_and_valid(const std::string &filepath)
-{
- bool pem_file_valid = false;
+inline void ensure_openssl_key_present_and_valid(const std::string &filepath) {
+ bool pem_file_valid = false;
- pem_file_valid = verify_openssl_key_cert(filepath);
+ pem_file_valid = verify_openssl_key_cert(filepath);
- if (!pem_file_valid) {
- generate_ssl_certificate(filepath);
- }
+ if (!pem_file_valid) {
+ generate_ssl_certificate(filepath);
+ }
}
} \ No newline at end of file
diff --git a/include/token_authorization_middleware.hpp b/include/token_authorization_middleware.hpp
index 801c75f91b..7e8e5031ac 100644
--- a/include/token_authorization_middleware.hpp
+++ b/include/token_authorization_middleware.hpp
@@ -3,21 +3,19 @@
#include <crow/http_request.h>
#include <crow/http_response.h>
-namespace crow
-{
- struct TokenAuthorizationMiddleware {
+namespace crow {
+struct TokenAuthorizationMiddleware {
+ struct context {
+ std::unordered_map<std::string, std::string> cookie_sessions;
+ std::unordered_map<std::string, std::string> cookies_to_push_to_client;
- struct context {
- std::unordered_map<std::string, std::string> cookie_sessions;
- std::unordered_map<std::string, std::string> cookies_to_push_to_client;
+ std::string get_cookie(const std::string& key);
- std::string get_cookie(const std::string& key);
+ void set_cookie(const std::string& key, const std::string& value);
+ };
- void set_cookie(const std::string& key, const std::string& value);
- };
+ void before_handle(crow::request& req, response& res, context& ctx);
- void before_handle(crow::request& req, response& res, context& ctx);
-
- void after_handle(request& req, response& res, context& ctx);
- };
+ void after_handle(request& req, response& res, context& ctx);
+};
} \ No newline at end of file
diff --git a/include/webassets.hpp b/include/webassets.hpp
index 68a6c4a36b..b2bda68869 100644
--- a/include/webassets.hpp
+++ b/include/webassets.hpp
@@ -2,18 +2,16 @@
#include <string>
+#include <crow/app.h>
#include <crow/http_request.h>
#include <crow/http_response.h>
-#include <crow/app.h>
-//TODO this is wrong. file handler shouldn't care about middlewares
-#include "token_authorization_middleware.hpp"
+// TODO this is wrong. file handler shouldn't care about middlewares
#include <crow/routing.h>
+#include "token_authorization_middleware.hpp"
-namespace crow
-{
-namespace webassets
-{
- void request_routes(crow::App<crow::TokenAuthorizationMiddleware>& app);
+namespace crow {
+namespace webassets {
+void request_routes(crow::App<crow::TokenAuthorizationMiddleware>& app);
}
} \ No newline at end of file
diff --git a/src/base64.cpp b/src/base64.cpp
index 259288757b..001a467899 100644
--- a/src/base64.cpp
+++ b/src/base64.cpp
@@ -1,81 +1,67 @@
#include <base64.hpp>
#include <cassert>
-namespace base64
-{
-bool base64_encode(const gsl::cstring_span<> &input, std::string &output)
-{
- static const char encoding_data[] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
- unsigned int input_length = input.size();
-
- // allocate space for output string
- output.clear();
- output.reserve(((input_length + 2) / 3) * 4);
-
- // for each 3-bytes sequence from the input, extract 4 6-bits sequences and
- // encode using
- // encoding_data lookup table.
- // if input do not contains enough chars to complete 3-byte sequence,use pad
- // char '='
- for (unsigned int i = 0; i < input_length; i++) {
- int base64code0 = 0;
- int base64code1 = 0;
- int base64code2 = 0;
- int base64code3 = 0;
-
- base64code0 = (input[i] >> 2) & 0x3f; // 1-byte 6 bits
- output += encoding_data[base64code0];
- base64code1 = (input[i] << 4) & 0x3f; // 1-byte 2 bits +
-
- if (++i < input_length) {
- base64code1 |= (input[i] >> 4) & 0x0f; // 2-byte 4 bits
- output += encoding_data[base64code1];
- base64code2 = (input[i] << 2) & 0x3f; // 2-byte 4 bits +
-
- if (++i < input_length) {
- base64code2 |= (input[i] >> 6) & 0x03; // 3-byte 2 bits
- base64code3 = input[i] & 0x3f; // 3-byte 6 bits
- output += encoding_data[base64code2];
- output += encoding_data[base64code3];
- } else {
- output += encoding_data[base64code2];
- output += '=';
- }
- } else {
- output += encoding_data[base64code1];
- output += '=';
- output += '=';
- }
+namespace base64 {
+bool base64_encode(const gsl::cstring_span<> &input, std::string &output) {
+ static const char encoding_data[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+ unsigned int input_length = input.size();
+
+ // allocate space for output string
+ output.clear();
+ output.reserve(((input_length + 2) / 3) * 4);
+
+ // for each 3-bytes sequence from the input, extract 4 6-bits sequences and
+ // encode using
+ // encoding_data lookup table.
+ // if input do not contains enough chars to complete 3-byte sequence,use pad
+ // char '='
+ for (unsigned int i = 0; i < input_length; i++) {
+ int base64code0 = 0;
+ int base64code1 = 0;
+ int base64code2 = 0;
+ int base64code3 = 0;
+
+ base64code0 = (input[i] >> 2) & 0x3f; // 1-byte 6 bits
+ output += encoding_data[base64code0];
+ base64code1 = (input[i] << 4) & 0x3f; // 1-byte 2 bits +
+
+ if (++i < input_length) {
+ base64code1 |= (input[i] >> 4) & 0x0f; // 2-byte 4 bits
+ output += encoding_data[base64code1];
+ base64code2 = (input[i] << 2) & 0x3f; // 2-byte 4 bits +
+
+ if (++i < input_length) {
+ base64code2 |= (input[i] >> 6) & 0x03; // 3-byte 2 bits
+ base64code3 = input[i] & 0x3f; // 3-byte 6 bits
+ output += encoding_data[base64code2];
+ output += encoding_data[base64code3];
+ } else {
+ output += encoding_data[base64code2];
+ output += '=';
+ }
+ } else {
+ output += encoding_data[base64code1];
+ output += '=';
+ output += '=';
}
+ }
- return true;
+ return true;
}
-
-bool base64_decode(const gsl::cstring_span<> &input, std::string &output)
-{
+bool base64_decode(const gsl::cstring_span<> &input, std::string &output) {
static const char nop = -1;
static const char decoding_data[] = {
- nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
- nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
- nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, 62, nop,
- nop, nop, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, nop, nop,
- nop, nop, nop, nop, nop, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
- 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
- 25, nop, nop, nop, nop, nop, nop, 26, 27, 28, 29, 30, 31, 32, 33,
- 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48,
- 49, 50, 51, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
- nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
- nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
- nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
- nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
- nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
- nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
- nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
- nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
- nop};
+ nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+ nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, 62, nop, nop, nop, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61,
+ nop, nop, nop, nop, nop, nop, nop, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21,
+ 22, 23, 24, 25, nop, nop, nop, nop, nop, nop, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44,
+ 45, 46, 47, 48, 49, 50, 51, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+ nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+ nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+ nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+ nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop};
unsigned int input_length = input.size();
@@ -90,29 +76,29 @@ bool base64_decode(const gsl::cstring_span<> &input, std::string &output)
for (unsigned int i = 0; i < input_length; i++) {
char base64code0;
char base64code1;
- char base64code2 = 0; // initialized to 0 to suppress warnings
+ char base64code2 = 0; // initialized to 0 to suppress warnings
char base64code3;
base64code0 = decoding_data[static_cast<int>(input[i])];
- if (base64code0 == nop) // non base64 character
+ if (base64code0 == nop) // non base64 character
return false;
- if (!(++i < input_length)) // we need at least two input bytes for first
- // byte output
+ if (!(++i < input_length)) // we need at least two input bytes for first
+ // byte output
return false;
base64code1 = decoding_data[static_cast<int>(input[i])];
- if (base64code1 == nop) // non base64 character
+ if (base64code1 == nop) // non base64 character
return false;
output += ((base64code0 << 2) | ((base64code1 >> 4) & 0x3));
if (++i < input_length) {
char c = input[i];
- if (c == '=') { // padding , end of input
+ if (c == '=') { // padding , end of input
assert((base64code1 & 0x0f) == 0);
return true;
}
base64code2 = decoding_data[static_cast<int>(input[i])];
- if (base64code2 == nop) // non base64 character
+ if (base64code2 == nop) // non base64 character
return false;
output += ((base64code1 << 4) & 0xf0) | ((base64code2 >> 2) & 0x0f);
@@ -120,12 +106,12 @@ bool base64_decode(const gsl::cstring_span<> &input, std::string &output)
if (++i < input_length) {
char c = input[i];
- if (c == '=') { // padding , end of input
+ if (c == '=') { // padding , end of input
assert((base64code2 & 0x03) == 0);
return true;
}
base64code3 = decoding_data[static_cast<int>(input[i])];
- if (base64code3 == nop) // non base64 character
+ if (base64code3 == nop) // non base64 character
return false;
output += (((base64code2 << 6) & 0xc0) | base64code3);
@@ -134,5 +120,4 @@ bool base64_decode(const gsl::cstring_span<> &input, std::string &output)
return true;
}
-
} \ No newline at end of file
diff --git a/src/base64_test.cpp b/src/base64_test.cpp
index 3484976034..2758dfa80f 100644
--- a/src/base64_test.cpp
+++ b/src/base64_test.cpp
@@ -1,62 +1,58 @@
#include "base64.hpp"
-#include "gtest/gtest.h"
#include "big_list_of_naughty_strings.hpp"
+#include "gtest/gtest.h"
// Tests that Base64 basic strings work
-TEST(Base64, EncodeBasicString)
-{
- std::string output;
- EXPECT_TRUE(base64::base64_encode("Foo", output));
+TEST(Base64, EncodeBasicString) {
+ std::string output;
+ EXPECT_TRUE(base64::base64_encode("Foo", output));
}
// Tests the test vectors available in the base64 spec
-TEST(Base64, EncodeRFC4648)
-{
- std::string output;
- EXPECT_TRUE(base64::base64_encode("", output));
- EXPECT_EQ(output, "");
- EXPECT_TRUE(base64::base64_encode("f", output));
- EXPECT_EQ(output, "Zg==");
- EXPECT_TRUE(base64::base64_encode("fo", output));
- EXPECT_EQ(output, "Zm8=");
- EXPECT_TRUE(base64::base64_encode("foo", output));
- EXPECT_EQ(output, "Zm9v");
- EXPECT_TRUE(base64::base64_encode("foob", output));
- EXPECT_EQ(output, "Zm9vYg==");
- EXPECT_TRUE(base64::base64_encode("fooba", output));
- EXPECT_EQ(output, "Zm9vYmE=");
- EXPECT_TRUE(base64::base64_encode("foobar", output));
- EXPECT_EQ(output, "Zm9vYmFy");
+TEST(Base64, EncodeRFC4648) {
+ std::string output;
+ EXPECT_TRUE(base64::base64_encode("", output));
+ EXPECT_EQ(output, "");
+ EXPECT_TRUE(base64::base64_encode("f", output));
+ EXPECT_EQ(output, "Zg==");
+ EXPECT_TRUE(base64::base64_encode("fo", output));
+ EXPECT_EQ(output, "Zm8=");
+ EXPECT_TRUE(base64::base64_encode("foo", output));
+ EXPECT_EQ(output, "Zm9v");
+ EXPECT_TRUE(base64::base64_encode("foob", output));
+ EXPECT_EQ(output, "Zm9vYg==");
+ EXPECT_TRUE(base64::base64_encode("fooba", output));
+ EXPECT_EQ(output, "Zm9vYmE=");
+ EXPECT_TRUE(base64::base64_encode("foobar", output));
+ EXPECT_EQ(output, "Zm9vYmFy");
}
// Tests the test vectors available in the base64 spec
-TEST(Base64, DecodeRFC4648)
-{
- std::string output;
- EXPECT_TRUE(base64::base64_decode("", output));
- EXPECT_EQ(output, "");
- EXPECT_TRUE(base64::base64_decode("Zg==", output));
- EXPECT_EQ(output, "f");
- EXPECT_TRUE(base64::base64_decode("Zm8=", output));
- EXPECT_EQ(output, "fo");
- EXPECT_TRUE(base64::base64_decode("Zm9v", output));
- EXPECT_EQ(output, "foo");
- EXPECT_TRUE(base64::base64_decode("Zm9vYg==", output));
- EXPECT_EQ(output, "foob");
- EXPECT_TRUE(base64::base64_decode("Zm9vYmE=", output));
- EXPECT_EQ(output, "fooba");
- EXPECT_TRUE(base64::base64_decode("Zm9vYmFy", output));
- EXPECT_EQ(output, "foobar");
+TEST(Base64, DecodeRFC4648) {
+ std::string output;
+ EXPECT_TRUE(base64::base64_decode("", output));
+ EXPECT_EQ(output, "");
+ EXPECT_TRUE(base64::base64_decode("Zg==", output));
+ EXPECT_EQ(output, "f");
+ EXPECT_TRUE(base64::base64_decode("Zm8=", output));
+ EXPECT_EQ(output, "fo");
+ EXPECT_TRUE(base64::base64_decode("Zm9v", output));
+ EXPECT_EQ(output, "foo");
+ EXPECT_TRUE(base64::base64_decode("Zm9vYg==", output));
+ EXPECT_EQ(output, "foob");
+ EXPECT_TRUE(base64::base64_decode("Zm9vYmE=", output));
+ EXPECT_EQ(output, "fooba");
+ EXPECT_TRUE(base64::base64_decode("Zm9vYmFy", output));
+ EXPECT_EQ(output, "foobar");
}
// Tests using pathalogical cases for all escapings
-TEST(Base64, NaugtyStrings){
- std::string base64_string;
- std::string decoded_string;
- for (auto& str: naughty_strings){
- EXPECT_TRUE(base64::base64_encode(str, base64_string));
- EXPECT_TRUE(base64::base64_decode(base64_string, decoded_string));
- EXPECT_EQ(str, decoded_string);
- }
+TEST(Base64, NaugtyStrings) {
+ std::string base64_string;
+ std::string decoded_string;
+ for (auto& str : naughty_strings) {
+ EXPECT_TRUE(base64::base64_encode(str, base64_string));
+ EXPECT_TRUE(base64::base64_decode(base64_string, decoded_string));
+ EXPECT_EQ(str, decoded_string);
+ }
}
-
diff --git a/src/token_authorization_middleware.cpp b/src/token_authorization_middleware.cpp
index d1972fadf1..aeef58c6a9 100644
--- a/src/token_authorization_middleware.cpp
+++ b/src/token_authorization_middleware.cpp
@@ -4,49 +4,38 @@
#include <token_authorization_middleware.hpp>
-namespace crow
-{
- std::string TokenAuthorizationMiddleware::context::get_cookie(const std::string& key)
- {
- if (cookie_sessions.count(key))
- return cookie_sessions[key];
- return {};
- }
-
- void TokenAuthorizationMiddleware::context::set_cookie(const std::string& key, const std::string& value)
- {
- cookies_to_push_to_client.emplace(key, value);
- }
-
-
- void TokenAuthorizationMiddleware::before_handle(crow::request& req, response& res, context& ctx)
- {
- auto return_unauthorized = [&req, &res](){
- res.code = 401;
- res.end();
- };
- if (req.url == "/login"){
-
- }
- // Check for an authorization header, reject if not present
- if (req.headers.count("Authorization") != 1) {
- return_unauthorized();
- return;
- }
-
- std::string auth_header = req.get_header_value("Authorization");
- // If the user is attempting any kind of auth other than token, reject
- if (!boost::starts_with(auth_header, "Token ")) {
- return_unauthorized();
- return;
- }
- }
-
- void TokenAuthorizationMiddleware::after_handle(request& /*req*/, response& res, context& ctx)
- {
- for (auto& cookie : ctx.cookies_to_push_to_client) {
- res.add_header("Set-Cookie", cookie.first + "=" + cookie.second);
- }
- }
-
+namespace crow {
+std::string TokenAuthorizationMiddleware::context::get_cookie(const std::string& key) {
+ if (cookie_sessions.count(key)) return cookie_sessions[key];
+ return {};
+}
+
+void TokenAuthorizationMiddleware::context::set_cookie(const std::string& key, const std::string& value) { cookies_to_push_to_client.emplace(key, value); }
+
+void TokenAuthorizationMiddleware::before_handle(crow::request& req, response& res, context& ctx) {
+ auto return_unauthorized = [&req, &res]() {
+ res.code = 401;
+ res.end();
+ };
+ if (req.url == "/login") {
+ }
+ // Check for an authorization header, reject if not present
+ if (req.headers.count("Authorization") != 1) {
+ return_unauthorized();
+ return;
+ }
+
+ std::string auth_header = req.get_header_value("Authorization");
+ // If the user is attempting any kind of auth other than token, reject
+ if (!boost::starts_with(auth_header, "Token ")) {
+ return_unauthorized();
+ return;
+ }
+}
+
+void TokenAuthorizationMiddleware::after_handle(request& /*req*/, response& res, context& ctx) {
+ for (auto& cookie : ctx.cookies_to_push_to_client) {
+ res.add_header("Set-Cookie", cookie.first + "=" + cookie.second);
+ }
+}
} \ No newline at end of file
diff --git a/src/token_authorization_middleware_test.cpp b/src/token_authorization_middleware_test.cpp
index 39a12cd546..aef33e35a7 100644
--- a/src/token_authorization_middleware_test.cpp
+++ b/src/token_authorization_middleware_test.cpp
@@ -2,27 +2,23 @@
#include <crow/app.h>
#include "gtest/gtest.h"
-
// Tests that Base64 basic strings work
-TEST(Authentication, TestBasicReject)
-{
- /*
- crow::App<crow::TokenAuthorizationMiddleware> app;
- crow::request req;
- crow::response res;
- app.handle(req, res);
- ASSERT_EQ(res.code, 400);
+TEST(Authentication, TestBasicReject) {
+ /*
+ crow::App<crow::TokenAuthorizationMiddleware> app;
+ crow::request req;
+ crow::response res;
+ app.handle(req, res);
+ ASSERT_EQ(res.code, 400);
- crow::App<crow::TokenAuthorizationMiddleware> app;
- decltype(app)::server_t server(&app, "127.0.0.1", 45451);
- CROW_ROUTE(app, "/")([&](const crow::request& req)
- {
- app.get_context<NullMiddleware>(req);
- app.get_context<NullSimpleMiddleware>(req);
- return "";
- });
- */
+ crow::App<crow::TokenAuthorizationMiddleware> app;
+ decltype(app)::server_t server(&app, "127.0.0.1", 45451);
+ CROW_ROUTE(app, "/")([&](const crow::request& req)
+ {
+ app.get_context<NullMiddleware>(req);
+ app.get_context<NullSimpleMiddleware>(req);
+ return "";
+ });
+ */
}
-
-
diff --git a/src/webserver_main.cpp b/src/webserver_main.cpp
index 6c92e34737..32c5d35067 100644
--- a/src/webserver_main.cpp
+++ b/src/webserver_main.cpp
@@ -22,8 +22,8 @@
#include "crow/websocket.h"
#include "color_cout_g3_sink.hpp"
-#include "webassets.hpp"
#include "token_authorization_middleware.hpp"
+#include "webassets.hpp"
#include <iostream>
#include <string>
@@ -31,25 +31,23 @@
#include <webassets.hpp>
-int main(int argc, char** argv)
-{
- auto worker = g3::LogWorker::createLogWorker();
- auto handle = worker->addDefaultLogger(argv[0], "/tmp/");
- g3::initializeLogging(worker.get());
- auto log_file_name = handle->call(&g3::FileSink::fileName);
- auto sink_handle = worker->addSink(std::make_unique<crow::ColorCoutSink>(),
- &crow::ColorCoutSink::ReceiveLogMessage);
+int main(int argc, char** argv) {
+ auto worker = g3::LogWorker::createLogWorker();
+ auto handle = worker->addDefaultLogger(argv[0], "/tmp/");
+ g3::initializeLogging(worker.get());
+ auto log_file_name = handle->call(&g3::FileSink::fileName);
+ auto sink_handle = worker->addSink(std::make_unique<crow::ColorCoutSink>(), &crow::ColorCoutSink::ReceiveLogMessage);
- LOG(DEBUG) << "Logging to " << log_file_name.get() << "\n";
+ LOG(DEBUG) << "Logging to " << log_file_name.get() << "\n";
- std::string ssl_pem_file("server.pem");
- ensuressl::ensure_openssl_key_present_and_valid(ssl_pem_file);
+ std::string ssl_pem_file("server.pem");
+ ensuressl::ensure_openssl_key_present_and_valid(ssl_pem_file);
- crow::App<crow::TokenAuthorizationMiddleware> app;
+ crow::App<crow::TokenAuthorizationMiddleware> app;
- crow::webassets::request_routes(app);
+ crow::webassets::request_routes(app);
- crow::logger::setLogLevel(crow::LogLevel::DEBUG);
+ crow::logger::setLogLevel(crow::LogLevel::DEBUG);
- app.port(18080).run();
+ app.port(18080).run();
}