14 files changed, 1801 insertions, 95 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 323747afa8..140b9cbe93 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -57,22 +57,50 @@ include_directories(g3log/src)
 # Debug sanitizers
 find_package(Sanitizers)
 
+# C++ GSL (Guideline support libraries)
+include_directories(GSL/include)
+
+set(WEBSERVER_MAIN src/webserver_main.cpp)
 
 set(SRC_FILES
-    src/example.cpp
     include/crow_g3_logger.hpp
     include/ssl_key_handler.hpp
     include/color_cout_g3_sink.hpp
+    src/token_authorization_middleware.cpp
+    src/base64.cpp
 )
 
-# Executable
+set(UT_FILES
+    src/gtest_main.cpp
+    src/base64_test.cpp
+    src/token_authorization_middleware_test.cpp
+    ${CMAKE_BINARY_DIR}/generated/blns.hpp
+)
 
-add_executable(bmcweb ${SRC_FILES})
-#target_link_libraries(example crow)
+# big list of naughty strings
+file(MAKE_DIRECTORY "${CMAKE_BINARY_DIR}/generated")
+add_custom_command(OUTPUT ${CMAKE_BINARY_DIR}/generated/blns.hpp
+    COMMAND xxd -i ${CMAKE_CURRENT_SOURCE_DIR}/src/blns.txt ${CMAKE_BINARY_DIR}/generated/blns.hpp)
+
+# googletest
+#find_package(GTest REQUIRED)
+enable_testing()
+find_package(GTest REQUIRED)
+
+add_executable(unittest ${SRC_FILES} ${UT_FILES})
+target_link_libraries(unittest GTest::GTest GTest::Main)
+target_link_libraries(unittest Boost::boost Boost::system)
+target_link_libraries(unittest ${CMAKE_THREAD_LIBS_INIT})
+target_link_libraries(unittest OpenSSL::SSL OpenSSL::Crypto)
+target_link_libraries(unittest g3logger)
+
+# bmcweb
+add_executable(bmcweb ${WEBSERVER_MAIN} ${SRC_FILES})
 target_link_libraries(bmcweb Boost::boost Boost::system)
 target_link_libraries(bmcweb ${CMAKE_THREAD_LIBS_INIT})
 target_link_libraries(bmcweb OpenSSL::SSL OpenSSL::Crypto)
 target_link_libraries(bmcweb g3logger)
+
 include_directories(${CMAKE_CURRENT_SOURCE_DIR}/include)
 
 # this needs to be at the end to make sure all includes are handled correctly
diff --git a/GSL b/GSL
new file mode 160000
+Subproject 3819df6e378ffccf0e29465afe99c3b324c2aa7
diff --git a/googletest b/googletest
new file mode 160000
+Subproject aa148eb2b7f70ede0eb10de34b6254826bfb34f
diff --git a/include/base64.hpp b/include/base64.hpp
new file mode 100644
index 0000000000..f5ff338cae
--- /dev/null
+++ b/include/base64.hpp
@@ -0,0 +1,9 @@
+#include <gsl/string_span>
+#include <string>
+
+namespace base64 {
+
+    bool base64_encode(const gsl::cstring_span<> &input, std::string &output);
+    bool base64_decode(const gsl::cstring_span<> &input, std::string &output);
+
+}
+\ No newline at end of file
diff --git a/include/big_list_of_naughty_strings.hpp b/include/big_list_of_naughty_strings.hpp
new file mode 100644
index 0000000000..4ba27f73e4
--- /dev/null
+++ b/include/big_list_of_naughty_strings.hpp
@@ -0,0 +1,687 @@
+const std::string naughty_strings[] = {
+// sourced from https://raw.githubusercontent.com/minimaxir/big-list-of-naughty-strings/master/blns.txt
+
+//	Reserved Strings
+//
+//	Strings which may be used elsewhere in code
+
+"undefined",
+"undef",
+"null",
+"NULL",
+"(null)",
+"nil",
+"NIL",
+"true",
+"false",
+"True",
+"False",
+"TRUE",
+"FALSE",
+"None",
+"hasOwnProperty",
+"\\",
+"\\\\",
+
+//	Numeric Strings
+//
+//	Strings which can be interpreted as numeric
+
+"0",
+"1",
+"1.00",
+"$1.00",
+"1/2",
+"1E2",
+"1E02",
+"1E+02",
+"-1",
+"-1.00",
+"-$1.00",
+"-1/2",
+"-1E2",
+"-1E02",
+"-1E+02",
+"1/0",
+"0/0",
+"-2147483648/-1",
+"-9223372036854775808/-1",
+"-0",
+"-0.0",
+"+0",
+"+0.0",
+"0.00",
+"0..0",
+".",
+"0.0.0",
+"0,00",
+"0,,0",
+",",
+"0,0,0",
+"0.0/0",
+"1.0/0.0",
+"0.0/0.0",
+"1,0/0,0",
+"0,0/0,0",
+"--1",
+"-",
+"-.",
+"-,",
+"999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999",
+"NaN",
+"Infinity",
+"-Infinity",
+"INF",
+"1#INF",
+"-1#IND",
+"1#QNAN",
+"1#SNAN",
+"1#IND",
+"0x0",
+"0xffffffff",
+"0xffffffffffffffff",
+"0xabad1dea",
+"123456789012345678901234567890123456789",
+"1,000.00",
+"1 000.00",
+"1'000.00",
+"1,000,000.00",
+"1 000 000.00",
+"1'000'000.00",
+"1.000,00",
+"1 000,00",
+"1'000,00",
+"1.000.000,00",
+"1 000 000,00",
+"1'000'000,00",
+"01000",
+"08",
+"09",
+"2.2250738585072011e-308",
+
+//	Special Characters
+//
+// ASCII punctuation.  All of these characters may need to be escaped in some
+// contexts.  Divided into three groups based on (US-layout) keyboard position.
+
+",./;'[]\\-=",
+"<>?:\"{}|_+",
+"!@#$%^&*()`~",
+
+// Non-whitespace C0 controls: U+0001 through U+0008, U+000E through U+001F,
+// and U+007F (DEL)
+// Often forbidden to appear in various text-based file formats (e.g. XML),
+// or reused for internal delimiters on the theory that they should never
+// appear in input.
+// The next line may appear to be blank or mojibake in some viewers.
+"",
+
+// Non-whitespace C1 controls: U+0080 through U+0084 and U+0086 through U+009F.
+// Commonly misinterpreted as additional graphic characters.
+// The next line may appear to be blank, mojibake, or dingbats in some viewers.
+"ￂﾀￂﾁￂﾂￂﾃￂﾄￂﾆￂﾇￂﾈￂﾉￂﾊￂﾋￂﾌￂﾍￂﾎￂﾏￂﾐￂﾑￂﾒￂﾓￂﾔￂﾕￂﾖￂﾗￂﾘￂﾙￂﾚￂﾛￂﾜￂﾝￂﾞￂﾟ",
+
+// Whitespace: all of the characters with category Zs, Zl, or Zp (in Unicode
+// version 8.0.0), plus U+0009 (HT), U+000B (VT), U+000C (FF), U+0085 (NEL),
+// and U+200B (ZERO WIDTH SPACE), which are in the C categories but are often
+// treated as whitespace in some contexts.
+// This file unfortunately cannot express strings containing
+// U+0000, U+000A, or U+000D (NUL, LF, CR).
+// The next line may appear to be blank or mojibake in some viewers.
+// The next line may be flagged for \"trailing whitespace\" in some viewers.
+"	"," ￂﾅ ￡ﾚﾀ￢ﾀﾀ￢ﾀﾁ￢ﾀﾂ￢ﾀﾃ￢ﾀﾄ￢ﾀﾅ￢ﾀﾆ￢ﾀﾇ￢ﾀﾈ￢ﾀﾉ￢ﾀﾊ￢ﾀﾋ￢ﾀﾨ￢ﾀﾩ￢ﾀﾯ￢ﾁﾟ￣ﾀﾀ",
+
+// Unicode additional control characters: all of the characters with
+// general category Cf (in Unicode 8.0.0).
+// The next line may appear to be blank or mojibake in some viewers.
+"ￂﾭ￘ﾀ￘ﾁ￘ﾂ￘ﾃ￘ﾄ￘ﾅ￘ﾜￛﾝￜﾏ￡ﾠﾎ￢ﾀﾋ￢ﾀﾌ￢ﾀﾍ￢ﾀﾎ￢ﾀﾏ￢ﾀﾪ￢ﾀﾫ￢ﾀﾬ￢ﾀﾭ￢ﾀﾮ￢ﾁﾠ￢ﾁﾡ￢ﾁﾢ￢ﾁﾣ￢ﾁﾤ￢ﾁﾦ￢ﾁﾧ￢ﾁﾨ￢ﾁﾩ￢ﾁﾪ￢ﾁﾫ￢ﾁﾬ￢ﾁﾭ￢ﾁﾮ￢ﾁﾯ￯ﾻ﾿￯﾿ﾹ￯﾿ﾺ￯﾿ﾻ￰ﾑﾂﾽ￰ﾛﾲﾠ￰ﾛﾲﾡ￰ﾛﾲﾢ￰ﾛﾲﾣ￰ﾝﾅﾳ￰ﾝﾅﾴ￰ﾝﾅﾵ￰ﾝﾅﾶ￰ﾝﾅﾷ￰ﾝﾅﾸ￰ﾝﾅﾹ￰ﾝﾅﾺ￳ﾠﾀﾁ￳ﾠﾀﾠ￳ﾠﾀﾡ￳ﾠﾀﾢ￳ﾠﾀﾣ￳ﾠﾀﾤ￳ﾠﾀﾥ￳ﾠﾀﾦ￳ﾠﾀﾧ￳ﾠﾀﾨ￳ﾠﾀﾩ￳ﾠﾀﾪ￳ﾠﾀﾫ￳ﾠﾀﾬ￳ﾠﾀﾭ￳ﾠﾀﾮ￳ﾠﾀﾯ￳ﾠﾀﾰ￳ﾠﾀﾱ￳ﾠﾀﾲ￳ﾠﾀﾳ￳ﾠﾀﾴ￳ﾠﾀﾵ￳ﾠﾀﾶ￳ﾠﾀﾷ￳ﾠﾀﾸ￳ﾠﾀﾹ￳ﾠﾀﾺ￳ﾠﾀﾻ￳ﾠﾀﾼ￳ﾠﾀﾽ￳ﾠﾀﾾ￳ﾠﾀ﾿￳ﾠﾁﾀ￳ﾠﾁﾁ￳ﾠﾁﾂ￳ﾠﾁﾃ￳ﾠﾁﾄ￳ﾠﾁﾅ￳ﾠﾁﾆ￳ﾠﾁﾇ￳ﾠﾁﾈ￳ﾠﾁﾉ￳ﾠﾁﾊ￳ﾠﾁﾋ￳ﾠﾁﾌ￳ﾠﾁﾍ￳ﾠﾁﾎ￳ﾠﾁﾏ￳ﾠﾁﾐ￳ﾠﾁﾑ￳ﾠﾁﾒ￳ﾠﾁﾓ￳ﾠﾁﾔ￳ﾠﾁﾕ￳ﾠﾁﾖ￳ﾠﾁﾗ￳ﾠﾁﾘ￳ﾠﾁﾙ￳ﾠﾁﾚ￳ﾠﾁﾛ￳ﾠﾁﾜ￳ﾠﾁﾝ￳ﾠﾁﾞ￳ﾠﾁﾟ￳ﾠﾁﾠ￳ﾠﾁﾡ￳ﾠﾁﾢ￳ﾠﾁﾣ￳ﾠﾁﾤ￳ﾠﾁﾥ￳ﾠﾁﾦ￳ﾠﾁﾧ￳ﾠﾁﾨ￳ﾠﾁﾩ￳ﾠﾁﾪ￳ﾠﾁﾫ￳ﾠﾁﾬ￳ﾠﾁﾭ￳ﾠﾁﾮ￳ﾠﾁﾯ￳ﾠﾁﾰ￳ﾠﾁﾱ￳ﾠﾁﾲ￳ﾠﾁﾳ￳ﾠﾁﾴ￳ﾠﾁﾵ￳ﾠﾁﾶ￳ﾠﾁﾷ￳ﾠﾁﾸ￳ﾠﾁﾹ￳ﾠﾁﾺ￳ﾠﾁﾻ￳ﾠﾁﾼ￳ﾠﾁﾽ￳ﾠﾁﾾ￳ﾠﾁ﾿",
+
+// \"Byte order marks\", U+FEFF and U+FFFE, each on its own line.
+// The next two lines may appear to be blank or mojibake in some viewers.
+"￯ﾻ﾿",
+"￯﾿ﾾ",
+
+//	Unicode Symbols
+//
+//	Strings which contain common unicode symbols (e.g. smart quotes)
+
+"ￎﾩ￢ﾉﾈￃﾧ￢ﾈﾚ￢ﾈﾫￋﾜￂﾵ￢ﾉﾤ￢ﾉﾥￃﾷ",
+"ￃﾥￃﾟ￢ﾈﾂￆﾒￂﾩￋﾙ￢ﾈﾆￋﾚￂﾬ￢ﾀﾦￃﾦ",
+"ￅﾓ￢ﾈﾑￂﾴￂﾮ￢ﾀﾠￂﾥￂﾨￋﾆￃﾸￏﾀ￢ﾀﾜ￢ﾀﾘ",
+"ￂﾡ￢ﾄﾢￂﾣￂﾢ￢ﾈﾞￂﾧￂﾶ￢ﾀﾢￂﾪￂﾺ￢ﾀﾓ￢ﾉﾠ",
+"ￂﾸￋﾛￃﾇ￢ﾗﾊￄﾱￋﾜￃﾂￂﾯￋﾘￂ﾿",
+"ￃﾅￃﾍￃﾎￃﾏￋﾝￃﾓￃﾔ￯ﾣ﾿ￃﾒￃﾚￃﾆ￢ﾘﾃ",
+"ￅﾒ￢ﾀﾞￂﾴ￢ﾀﾰￋﾇￃﾁￂﾨￋﾆￃﾘ￢ﾈﾏ￢ﾀﾝ￢ﾀﾙ",
+"`￢ﾁﾄ￢ﾂﾬ￢ﾀﾹ￢ﾀﾺ￯ﾬﾁ￯ﾬﾂ￢ﾀﾡￂﾰￂﾷ￢ﾀﾚ￢ﾀﾔￂﾱ",
+"￢ﾅﾛ￢ﾅﾜ￢ﾅﾝ￢ﾅﾞ",
+"￐ﾁ￐ﾂ￐ﾃ￐ﾄ￐ﾅ￐ﾆ￐ﾇ￐ﾈ￐ﾉ￐ﾊ￐ﾋ￐ﾌ￐ﾍ￐ﾎ￐ﾏ￐ﾐ￐ﾑ￐ﾒ￐ﾓ￐ﾔ￐ﾕ￐ﾖ￐ﾗ￐ﾘ￐ﾙ￐ﾚ￐ﾛ￐ﾜ￐ﾝ￐ﾞ￐ﾟ￐ﾠ￐ﾡ￐ﾢ￐ﾣ￐ﾤ￐ﾥ￐ﾦ￐ﾧ￐ﾨ￐ﾩ￐ﾪ￐ﾫ￐ﾬ￐ﾭ￐ﾮ￐ﾯ￐ﾰ￐ﾱ￐ﾲ￐ﾳ￐ﾴ￐ﾵ￐ﾶ￐ﾷ￐ﾸ￐ﾹ￐ﾺ￐ﾻ￐ﾼ￐ﾽ￐ﾾ￐﾿￑ﾀ￑ﾁ￑ﾂ￑ﾃ￑ﾄ￑ﾅ￑ﾆ￑ﾇ￑ﾈ￑ﾉ￑ﾊ￑ﾋ￑ﾌ￑ﾍ￑ﾎ￑ﾏ",
+"￙ﾠ￙ﾡ￙ﾢ￙ﾣ￙ﾤ￙ﾥ￙ﾦ￙ﾧ￙ﾨ￙ﾩ",
+
+//	Unicode Subscript/Superscript/Accents
+//
+//	Strings which contain unicode subscripts/superscripts; can cause rendering issues
+
+"￢ﾁﾰ￢ﾁﾴ￢ﾁﾵ",
+"￢ﾂﾀ￢ﾂﾁ￢ﾂﾂ",
+"￢ﾁﾰ￢ﾁﾴ￢ﾁﾵ￢ﾂﾀ￢ﾂﾁ￢ﾂﾂ",
+"￠ﾸﾔ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ ￠ﾸﾔ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ ￠ﾸﾔ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾉ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ￠ﾹﾇ",
+
+//	Quotation Marks
+//
+//	Strings which contain misplaced quotation marks; can cause encoding errors
+
+"'",
+"\"",
+"''",
+"\"\"",
+"'\"'",
+"\"''''\"'\"",
+"\"'\"'\"''''\"",
+"<foo val=￢ﾀﾜbar￢ﾀﾝ />",
+"<foo val=￢ﾀﾜbar￢ﾀﾝ />",
+"<foo val=￢ﾀﾝbar￢ﾀﾜ />",
+"<foo val=`bar' />",
+
+//	Two-Byte Characters
+//
+//	Strings which contain two-byte characters: can cause rendering issues or character-length issues
+
+"￧ﾔﾰ￤ﾸﾭ￣ﾁﾕ￣ﾂﾓ￣ﾁﾫ￣ﾁﾂ￣ﾁﾒ￣ﾁﾦ￤ﾸﾋ￣ﾁﾕ￣ﾁﾄ",
+"￣ﾃﾑ￣ﾃﾼ￣ﾃﾆ￣ﾂﾣ￣ﾃﾼ￣ﾁﾸ￨ﾡﾌ￣ﾁﾋ￣ﾁﾪ￣ﾁﾄ￣ﾁﾋ",
+"￥ﾒﾌ￨ﾣﾽ￦ﾼﾢ￨ﾪﾞ",
+"￩ﾃﾨ￨ﾐﾽ￦ﾠﾼ",
+"￬ﾂﾬ￭ﾚﾌ￪ﾳﾼ￭ﾕﾙ￬ﾛﾐ ￬ﾖﾴ￭ﾕﾙ￬ﾗﾰ￪ﾵﾬ￬ﾆﾌ",
+"￬ﾰﾦ￬ﾰﾨ￫ﾥﾼ ￭ﾃﾀ￪ﾳﾠ ￬ﾘﾨ ￭ﾎﾲ￬ﾋﾜ￫ﾧﾨ￪ﾳﾼ ￬ﾑﾛ￫ﾋﾤ￫ﾦﾬ ￫ﾘﾠ￫ﾰﾩ￪ﾰﾁ￭ﾕﾘ",
+"￧ﾤﾾ￦ﾜﾃ￧ﾧﾑ￥ﾭﾸ￩ﾙﾢ￨ﾪﾞ￥ﾭﾸ￧ﾠﾔ￧ﾩﾶ￦ﾉﾀ",
+"￬ﾚﾸ￫ﾞﾀ￫ﾰﾔ￭ﾆﾠ￫ﾥﾴ",
+"￰ﾠﾜﾎ￰ﾠﾜﾱ￰ﾠﾝﾹ￰ﾠﾱﾓ￰ﾠﾱﾸ￰ﾠﾲﾖ￰ﾠﾳﾏ",
+
+//	Changing length when lowercased
+//
+//	Characters which increase in length (2 to 3 bytes) when lowercased
+//	Credit: https://twitter.com/jifa/status/625776454479970304
+
+"￈ﾺ",
+"￈ﾾ",
+
+//	Japanese Emoticons
+//
+//	Strings which consists of Japanese-style emoticons which are popular on the web
+
+"￣ﾃﾽ￠ﾼﾼ￠ﾺﾈ￙ﾄￍﾜ￠ﾺﾈ￠ﾼﾽ￯ﾾﾉ ￣ﾃﾽ￠ﾼﾼ￠ﾺﾈ￙ﾄￍﾜ￠ﾺﾈ￠ﾼﾽ￯ﾾﾉ",
+"(￯ﾽﾡ￢ﾗﾕ ￢ﾈﾀ ￢ﾗﾕ￯ﾽﾡ)",
+"￯ﾽﾀ￯ﾽﾨ(ￂﾴ￢ﾈﾀ￯ﾽﾀ￢ﾈﾩ",
+"__￯ﾾﾛ(,_,*)",
+"￣ﾃﾻ(￯﾿ﾣ￢ﾈﾀ￯﾿ﾣ)￣ﾃﾻ:*:",
+"￯ﾾﾟ￯ﾽﾥ￢ﾜ﾿￣ﾃﾾ￢ﾕﾲ(￯ﾽﾡ￢ﾗﾕ￢ﾀ﾿￢ﾗﾕ￯ﾽﾡ)￢ﾕﾱ￢ﾜ﾿￯ﾽﾥ￯ﾾﾟ",
+",￣ﾀﾂ￣ﾃﾻ:*:￣ﾃﾻ￣ﾂﾜ￢ﾀﾙ( ￢ﾘﾻ ￏﾉ ￢ﾘﾻ )￣ﾀﾂ￣ﾃﾻ:*:￣ﾃﾻ￣ﾂﾜ￢ﾀﾙ",
+"(￢ﾕﾯￂﾰ￢ﾖﾡￂﾰ￯ﾼﾉ￢ﾕﾯ￯ﾸﾵ ￢ﾔﾻ￢ﾔﾁ￢ﾔﾻ)",
+"(￯ﾾﾉ￠ﾲﾥ￧ﾛﾊ￠ﾲﾥ￯ﾼﾉ￯ﾾﾉ￯ﾻ﾿ ￢ﾔﾻ￢ﾔﾁ￢ﾔﾻ",
+"￢ﾔﾬ￢ﾔﾀ￢ﾔﾬ￣ﾃﾎ( ￂﾺ _ ￂﾺ￣ﾃﾎ)",
+"( ￍﾡￂﾰ ￍﾜￊﾖ ￍﾡￂﾰ)",
+
+//	Emoji
+//
+//	Strings which contain Emoji; should be the same behavior as two-byte characters, but not always
+
+"￰ﾟﾘﾍ",
+"￰ﾟﾑﾩ￰ﾟﾏﾽ",
+"￰ﾟﾑﾾ ￰ﾟﾙﾇ ￰ﾟﾒﾁ ￰ﾟﾙﾅ ￰ﾟﾙﾆ ￰ﾟﾙﾋ ￰ﾟﾙﾎ ￰ﾟﾙﾍ",
+"￰ﾟﾐﾵ ￰ﾟﾙﾈ ￰ﾟﾙﾉ ￰ﾟﾙﾊ",
+"￢ﾝﾤ￯ﾸﾏ ￰ﾟﾒﾔ ￰ﾟﾒﾌ ￰ﾟﾒﾕ ￰ﾟﾒﾞ ￰ﾟﾒﾓ ￰ﾟﾒﾗ ￰ﾟﾒﾖ ￰ﾟﾒﾘ ￰ﾟﾒﾝ ￰ﾟﾒﾟ ￰ﾟﾒﾜ ￰ﾟﾒﾛ ￰ﾟﾒﾚ ￰ﾟﾒﾙ",
+"￢ﾜﾋ￰ﾟﾏ﾿ ￰ﾟﾒﾪ￰ﾟﾏ﾿ ￰ﾟﾑﾐ￰ﾟﾏ﾿ ￰ﾟﾙﾌ￰ﾟﾏ﾿ ￰ﾟﾑﾏ￰ﾟﾏ﾿ ￰ﾟﾙﾏ￰ﾟﾏ﾿",
+"￰ﾟﾚﾾ ￰ﾟﾆﾒ ￰ﾟﾆﾓ ￰ﾟﾆﾕ ￰ﾟﾆﾖ ￰ﾟﾆﾗ ￰ﾟﾆﾙ ￰ﾟﾏﾧ",
+"0￯ﾸﾏ￢ﾃﾣ 1￯ﾸﾏ￢ﾃﾣ 2￯ﾸﾏ￢ﾃﾣ 3￯ﾸﾏ￢ﾃﾣ 4￯ﾸﾏ￢ﾃﾣ 5￯ﾸﾏ￢ﾃﾣ 6￯ﾸﾏ￢ﾃﾣ 7￯ﾸﾏ￢ﾃﾣ 8￯ﾸﾏ￢ﾃﾣ 9￯ﾸﾏ￢ﾃﾣ ￰ﾟﾔﾟ",
+
+//       Regional Indicator Symbols
+//
+//       Regional Indicator Symbols can be displayed differently across
+//       fonts, and have a number of special behaviors
+
+"￰ﾟﾇﾺ￰ﾟﾇﾸ￰ﾟﾇﾷ￰ﾟﾇﾺ￰ﾟﾇﾸ ￰ﾟﾇﾦ￰ﾟﾇﾫ￰ﾟﾇﾦ￰ﾟﾇﾲ￰ﾟﾇﾸ",
+"￰ﾟﾇﾺ￰ﾟﾇﾸ￰ﾟﾇﾷ￰ﾟﾇﾺ￰ﾟﾇﾸ￰ﾟﾇﾦ￰ﾟﾇﾫ￰ﾟﾇﾦ￰ﾟﾇﾲ",
+"￰ﾟﾇﾺ￰ﾟﾇﾸ￰ﾟﾇﾷ￰ﾟﾇﾺ￰ﾟﾇﾸ￰ﾟﾇﾦ",
+
+//	Unicode Numbers
+//
+//	Strings which contain unicode numbers; if the code is localized, it should see the input as numeric
+
+"￯ﾼﾑ￯ﾼﾒ￯ﾼﾓ",
+"￙ﾡ￙ﾢ￙ﾣ",
+
+//	Right-To-Left Strings
+//
+//	Strings which contain text that should be rendered RTL if possible (e.g. Arabic, Hebrew)
+
+"￘ﾫ￙ﾅ ￙ﾆ￙ﾁ￘ﾳ ￘ﾳ￙ﾂ￘ﾷ￘ﾪ ￙ﾈ￘ﾨ￘ﾧ￙ﾄ￘ﾪ￘ﾭ￘ﾯ￙ﾊ￘ﾯ￘ﾌ, ￘ﾬ￘ﾲ￙ﾊ￘ﾱ￘ﾪ￙ﾊ ￘ﾨ￘ﾧ￘ﾳ￘ﾪ￘ﾮ￘ﾯ￘ﾧ￙ﾅ ￘ﾣ￙ﾆ ￘ﾯ￙ﾆ￙ﾈ. ￘ﾥ￘ﾰ ￙ﾇ￙ﾆ￘ﾧ￘ﾟ ￘ﾧ￙ﾄ￘ﾳ￘ﾪ￘ﾧ￘ﾱ ￙ﾈ￘ﾪ￙ﾆ￘ﾵ￙ﾊ￘ﾨ ￙ﾃ￘ﾧ￙ﾆ. ￘ﾣ￙ﾇ￙ﾑ￙ﾄ ￘ﾧ￙ﾊ￘ﾷ￘ﾧ￙ﾄ￙ﾊ￘ﾧ￘ﾌ ￘ﾨ￘ﾱ￙ﾊ￘ﾷ￘ﾧ￙ﾆ￙ﾊ￘ﾧ-￙ﾁ￘ﾱ￙ﾆ￘ﾳ￘ﾧ ￙ﾂ￘ﾯ ￘ﾣ￘ﾮ￘ﾰ. ￘ﾳ￙ﾄ￙ﾊ￙ﾅ￘ﾧ￙ﾆ￘ﾌ ￘ﾥ￘ﾪ￙ﾁ￘ﾧ￙ﾂ￙ﾊ￘ﾩ ￘ﾨ￙ﾊ￙ﾆ ￙ﾅ￘ﾧ, ￙ﾊ￘ﾰ￙ﾃ￘ﾱ ￘ﾧ￙ﾄ￘ﾭ￘ﾯ￙ﾈ￘ﾯ ￘ﾣ￙ﾊ ￘ﾨ￘ﾹ￘ﾯ, ￙ﾅ￘ﾹ￘ﾧ￙ﾅ￙ﾄ￘ﾩ ￘ﾨ￙ﾈ￙ﾄ￙ﾆ￘ﾯ￘ﾧ￘ﾌ ￘ﾧ￙ﾄ￘ﾥ￘ﾷ￙ﾄ￘ﾧ￙ﾂ ￘ﾹ￙ﾄ ￘ﾥ￙ﾊ￙ﾈ.",
+"ￗﾑￖﾰￖﾼￗﾨￖﾵￗﾐￗﾩￖﾴￗﾁￗﾙￗﾪ, ￗﾑￖﾸￖﾼￗﾨￖﾸￗﾐ ￗﾐￖﾱￗﾜￖﾹￗﾔￖﾴￗﾙￗﾝ, ￗﾐￖﾵￗﾪ ￗﾔￖﾷￗﾩￖﾸￖﾼￗﾁￗﾞￖﾷￗﾙￖﾴￗﾝ, ￗﾕￖﾰￗﾐￖﾵￗﾪ ￗﾔￖﾸￗﾐￖﾸￗﾨￖﾶￗﾥ",
+"ￗﾔￖﾸￗﾙￖﾰￗﾪￖﾸￗﾔtest￘ﾧ￙ﾄ￘ﾵ￙ﾁ￘ﾭ￘ﾧ￘ﾪ ￘ﾧ￙ﾄ￘ﾪ￙ﾑ￘ﾭ￙ﾈ￙ﾄ",
+"￯ﾷﾽ",
+"￯ﾷﾺ",
+"￙ﾅ￙ﾏ￙ﾆ￙ﾎ￘ﾧ￙ﾂ￙ﾎ￘ﾴ￙ﾎ￘ﾩ￙ﾏ ￘ﾳ￙ﾏ￘ﾨ￙ﾏ￙ﾄ￙ﾐ ￘ﾧ￙ﾐ￘ﾳ￙ﾒ￘ﾪ￙ﾐ￘ﾮ￙ﾒ￘ﾯ￙ﾎ￘ﾧ￙ﾅ￙ﾐ ￘ﾧ￙ﾄ￙ﾄ￙ﾑ￙ﾏ￘ﾺ￙ﾎ￘ﾩ￙ﾐ ￙ﾁ￙ﾐ￙ﾊ ￘ﾧ￙ﾄ￙ﾆ￙ﾑ￙ﾏ￘ﾸ￙ﾏ￙ﾅ￙ﾐ ￘ﾧ￙ﾄ￙ﾒ￙ﾂ￙ﾎ￘ﾧ￘ﾦ￙ﾐ￙ﾅ￙ﾎ￘ﾩ￙ﾐ ￙ﾈ￙ﾎ￙ﾁ￙ﾐ￙ﾊ￙ﾅ ￙ﾊ￙ﾎ￘ﾮ￙ﾏ￘ﾵ￙ﾑ￙ﾎ ￘ﾧ￙ﾄ￘ﾪ￙ﾑ￙ﾎ￘ﾷ￙ﾒ￘ﾨ￙ﾐ￙ﾊ￙ﾂ￙ﾎ￘ﾧ￘ﾪ￙ﾏ ￘ﾧ￙ﾄ￙ﾒ￘ﾭ￘ﾧ￘ﾳ￙ﾏ￙ﾈ￘ﾨ￙ﾐ￙ﾊ￙ﾑ￙ﾎ￘ﾩ￙ﾏ￘ﾌ ",
+
+//	Trick Unicode
+//
+//	Strings which contain unicode with unusual properties (e.g. Right-to-left override) (c.f. http://www.unicode.org/charts/PDF/U2000.pdf)
+
+"￢ﾀﾪ￢ﾀﾪtest￢ﾀﾪ",
+"￢ﾀﾫtest￢ﾀﾫ",
+"￢ﾀﾩtest￢ﾀﾩ",
+"test￢ﾁﾠtest￢ﾀﾫ",
+"￢ﾁﾦtest￢ﾁﾧ",
+
+//	Zalgo Text
+//
+//	Strings which contain \"corrupted\" text. The corruption will not appear in non-HTML text, however. (via http://www.eeemo.net)
+
+"￡ﾹﾰￌﾺￌﾺￌﾕoￍﾞ ￌﾷiￌﾲￌﾬￍﾇￌﾪￍﾙnￌﾝￌﾗￍﾕvￌﾟￌﾜￌﾘￌﾦￍﾟoￌﾶￌﾙￌﾰￌﾠkￃﾨￍﾚￌﾮￌﾺￌﾪￌﾹￌﾱￌﾤ ￌﾖtￌﾝￍﾕￌﾳￌﾣￌﾻￌﾪￍﾞhￌﾼￍﾓￌﾲￌﾦￌﾳￌﾘￌﾲeￍﾇￌﾣￌﾰￌﾦￌﾬￍﾎ ￌﾢￌﾼￌﾻￌﾱￌﾘhￍﾚￍﾎￍﾙￌﾜￌﾣￌﾲￍﾅiￌﾦￌﾲￌﾣￌﾰￌﾤvￌﾻￍﾍeￌﾺￌﾭￌﾳￌﾪￌﾰ-mￌﾢiￍﾅnￌﾖￌﾺￌﾞￌﾲￌﾯￌﾰdￌﾵￌﾼￌﾟￍﾙￌﾩￌﾼￌﾘￌﾳ ￌﾞￌﾥￌﾱￌﾳￌﾭrￌﾛￌﾗￌﾘeￍﾙpￍﾠrￌﾼￌﾞￌﾻￌﾭￌﾗeￌﾺￌﾠￌﾣￍﾟsￌﾘￍﾇￌﾳￍﾍￌﾝￍﾉeￍﾉￌﾥￌﾯￌﾞￌﾲￍﾚￌﾬￍﾜￇﾹￌﾬￍﾎￍﾎￌﾟￌﾖￍﾇￌﾤtￍﾍￌﾬￌﾤￍﾓￌﾼￌﾭￍﾘￍﾅiￌﾪￌﾱnￍﾠgￌﾴￍﾉ ￍﾏￍﾉￍﾅcￌﾬￌﾟhￍﾡaￌﾫￌﾻￌﾯￍﾘoￌﾫￌﾟￌﾖￍﾍￌﾙￌﾝￍﾉsￌﾗￌﾦￌﾲ.ￌﾨￌﾹￍﾈￌﾣ",
+"ￌﾡￍﾓￌﾞￍﾅIￌﾗￌﾘￌﾦￍﾝnￍﾇￍﾇￍﾙvￌﾮￌﾫokￌﾲￌﾫￌﾙￍﾈiￌﾖￍﾙￌﾭￌﾹￌﾠￌﾞnￌﾡￌﾻￌﾮￌﾣￌﾺgￌﾲￍﾈￍﾙￌﾭￍﾙￌﾬￍﾎ ￌﾰtￍﾔￌﾦhￌﾞￌﾲeￌﾢￌﾤ ￍﾍￌﾬￌﾲￍﾖfￌﾴￌﾘￍﾕￌﾣￃﾨￍﾖ￡ﾺﾹￌﾥￌﾩlￍﾖￍﾔￍﾚiￍﾓￍﾚￌﾦￍﾠnￍﾖￍﾍￌﾗￍﾓￌﾳￌﾮgￍﾍ ￌﾨoￍﾚￌﾪￍﾡfￌﾘￌﾣￌﾬ ￌﾖￌﾘￍﾖￌﾟￍﾙￌﾮcￒﾉￍﾔￌﾫￍﾖￍﾓￍﾇￍﾖￍﾅhￌﾵￌﾤￌﾣￍﾚￍﾔￃﾡￌﾗￌﾼￍﾕￍﾅoￌﾼￌﾣￌﾥsￌﾱￍﾈￌﾺￌﾖￌﾦￌﾻￍﾢ.ￌﾛￌﾖￌﾞￌﾠￌﾫￌﾰ",
+"ￌﾗￌﾺￍﾖￌﾹￌﾯￍﾓ￡ﾹﾮￌﾤￍﾍￌﾥￍﾇￍﾈhￌﾲￌﾁeￍﾏￍﾓￌﾼￌﾗￌﾙￌﾼￌﾣￍﾔ ￍﾇￌﾜￌﾱￌﾠￍﾓￍﾍￍﾅNￍﾕￍﾠeￌﾗￌﾱzￌﾘￌﾝￌﾜￌﾺￍﾙpￌﾤￌﾺￌﾹￍﾍￌﾯￍﾚeￌﾠￌﾻￌﾠￍﾜrￌﾨￌﾤￍﾍￌﾺￌﾖￍﾔￌﾖￌﾖdￌﾠￌﾟￌﾭￌﾬￌﾝￍﾟiￌﾦￍﾖￌﾩￍﾓￍﾔￌﾤaￌﾠￌﾗￌﾬￍﾉￌﾙnￍﾚￍﾜ ￌﾻￌﾞￌﾰￍﾚￍﾅhￌﾵￍﾉiￌﾳￌﾞvￌﾢￍﾇ￡ﾸﾙￍﾎￍﾟ-ￒﾉￌﾭￌﾩￌﾼￍﾔmￌﾤￌﾭￌﾫiￍﾕￍﾇￌﾝￌﾦnￌﾗￍﾙ￡ﾸﾍￌﾟ ￌﾯￌﾲￍﾕￍﾞￇﾫￌﾟￌﾯￌﾰￌﾲￍﾙￌﾻￌﾝf ￌﾪￌﾰￌﾰￌﾗￌﾖￌﾭￌﾘￍﾘcￌﾦￍﾍￌﾲￌﾞￍﾍￌﾩￌﾙ￡ﾸﾥￍﾚaￌﾮￍﾎￌﾟￌﾙￍﾜￆﾡￌﾩￌﾹￍﾎsￌﾤ.ￌﾝￌﾝ ￒﾉZￌﾡￌﾖￌﾜￍﾖￌﾰￌﾣￍﾉￌﾜaￍﾖￌﾰￍﾙￌﾬￍﾡlￌﾲￌﾫￌﾳￍﾍￌﾩgￌﾡￌﾟￌﾼￌﾱￍﾚￌﾞￌﾬￍﾅoￌﾗￍﾜ.ￌﾟ",
+"ￌﾦHￌﾬￌﾤￌﾗￌﾤￍﾝeￍﾜ ￌﾜￌﾥￌﾝￌﾻￍﾍￌﾟￌﾁwￌﾕhￌﾖￌﾯￍﾓoￌﾝￍﾙￌﾖￍﾎￌﾱￌﾮ ￒﾉￌﾺￌﾙￌﾞￌﾟￍﾈWￌﾷￌﾼￌﾭaￌﾺￌﾪￍﾍￄﾯￍﾈￍﾕￌﾭￍﾙￌﾯￌﾜtￌﾶￌﾼￌﾮsￌﾘￍﾙￍﾖￌﾕ ￌﾠￌﾫￌﾠBￌﾻￍﾍￍﾙￍﾉￌﾳￍﾅeￌﾵhￌﾵￌﾬￍﾇￌﾫￍﾙiￌﾹￍﾓￌﾳￌﾳￌﾮￍﾎￌﾫￌﾕnￍﾟdￌﾴￌﾪￌﾜￌﾖ ￌﾰￍﾉￌﾩￍﾇￍﾙￌﾲￍﾞￍﾅTￍﾖￌﾼￍﾓￌﾪￍﾢhￍﾏￍﾓￌﾮￌﾻeￌﾬￌﾝￌﾟￍﾅ ￌﾤￌﾹￌﾝWￍﾙￌﾞￌﾝￍﾔￍﾇￍﾝￍﾅaￍﾏￍﾓￍﾔￌﾹￌﾼￌﾣlￌﾴￍﾔￌﾰￌﾤￌﾟￍﾔ￡ﾸﾽￌﾫ.ￍﾕ",
+"Zￌﾮￌﾞￌﾠￍﾙￍﾔￍﾅ￡ﾸﾀￌﾗￌﾞￍﾈￌﾻￌﾗ￡ﾸﾶￍﾙￍﾎￌﾯￌﾹￌﾞￍﾓGￌﾻOￌﾭￌﾗￌﾮ",
+
+//	Unicode Upsidedown
+//
+//	Strings which contain unicode with an \"upsidedown\" effect (via http://www.upsidedowntext.com)
+
+"ￋﾙ￉ﾐnb￡ﾴﾉl￉ﾐ ￉ﾐuￆﾃ￉ﾐ￉ﾯ ￇﾝ￉ﾹolop ￊﾇￇﾝ ￇﾝ￉ﾹoq￉ﾐl ￊﾇn ￊﾇunp￡ﾴﾉp￡ﾴﾉ￉ﾔu￡ﾴﾉ ￉ﾹod￉ﾯￇﾝￊﾇ po￉ﾯsn￡ﾴﾉￇﾝ op pￇﾝs 'ￊﾇ￡ﾴﾉlￇﾝ ￆﾃu￡ﾴﾉ￉ﾔs￡ﾴﾉd￡ﾴﾉp￉ﾐ ￉ﾹnￊﾇￇﾝￊﾇ￉ﾔￇﾝsuo￉ﾔ 'ￊﾇￇﾝ￉ﾯ￉ﾐ ￊﾇ￡ﾴﾉs ￉ﾹolop ￉ﾯnsd￡ﾴﾉ ￉ﾯￇﾝ￉ﾹoￋﾥ",
+"00ￋﾙￆﾖ$-",
+
+//	Unicode font
+//
+//	Strings which contain bold/italic/etc. versions of normal characters
+
+"￯ﾼﾴ￯ﾽﾈ￯ﾽﾅ ￯ﾽﾑ￯ﾽﾕ￯ﾽﾉ￯ﾽﾃ￯ﾽﾋ ￯ﾽﾂ￯ﾽﾒ￯ﾽﾏ￯ﾽﾗ￯ﾽﾎ ￯ﾽﾆ￯ﾽﾏ￯ﾽﾘ ￯ﾽﾊ￯ﾽﾕ￯ﾽﾍ￯ﾽﾐ￯ﾽﾓ ￯ﾽﾏ￯ﾽﾖ￯ﾽﾅ￯ﾽﾒ ￯ﾽﾔ￯ﾽﾈ￯ﾽﾅ ￯ﾽﾌ￯ﾽﾁ￯ﾽﾚ￯ﾽﾙ ￯ﾽﾄ￯ﾽﾏ￯ﾽﾇ",
+"￰ﾝﾐﾓ￰ﾝﾐﾡ￰ﾝﾐﾞ ￰ﾝﾐﾪ￰ﾝﾐﾮ￰ﾝﾐﾢ￰ﾝﾐﾜ￰ﾝﾐﾤ ￰ﾝﾐﾛ￰ﾝﾐﾫ￰ﾝﾐﾨ￰ﾝﾐﾰ￰ﾝﾐﾧ ￰ﾝﾐﾟ￰ﾝﾐﾨ￰ﾝﾐﾱ ￰ﾝﾐﾣ￰ﾝﾐﾮ￰ﾝﾐﾦ￰ﾝﾐﾩ￰ﾝﾐﾬ ￰ﾝﾐﾨ￰ﾝﾐﾯ￰ﾝﾐﾞ￰ﾝﾐﾫ ￰ﾝﾐﾭ￰ﾝﾐﾡ￰ﾝﾐﾞ ￰ﾝﾐﾥ￰ﾝﾐﾚ￰ﾝﾐﾳ￰ﾝﾐﾲ ￰ﾝﾐﾝ￰ﾝﾐﾨ￰ﾝﾐﾠ",
+"￰ﾝﾕ﾿￰ﾝﾖﾍ￰ﾝﾖﾊ ￰ﾝﾖﾖ￰ﾝﾖﾚ￰ﾝﾖﾎ￰ﾝﾖﾈ￰ﾝﾖﾐ ￰ﾝﾖﾇ￰ﾝﾖﾗ￰ﾝﾖﾔ￰ﾝﾖﾜ￰ﾝﾖﾓ ￰ﾝﾖﾋ￰ﾝﾖﾔ￰ﾝﾖﾝ ￰ﾝﾖﾏ￰ﾝﾖﾚ￰ﾝﾖﾒ￰ﾝﾖﾕ￰ﾝﾖﾘ ￰ﾝﾖﾔ￰ﾝﾖﾛ￰ﾝﾖﾊ￰ﾝﾖﾗ ￰ﾝﾖﾙ￰ﾝﾖﾍ￰ﾝﾖﾊ ￰ﾝﾖﾑ￰ﾝﾖﾆ￰ﾝﾖﾟ￰ﾝﾖﾞ ￰ﾝﾖﾉ￰ﾝﾖﾔ￰ﾝﾖﾌ",
+"￰ﾝﾑﾻ￰ﾝﾒﾉ￰ﾝﾒﾆ ￰ﾝﾒﾒ￰ﾝﾒﾖ￰ﾝﾒﾊ￰ﾝﾒﾄ￰ﾝﾒﾌ ￰ﾝﾒﾃ￰ﾝﾒﾓ￰ﾝﾒﾐ￰ﾝﾒﾘ￰ﾝﾒﾏ ￰ﾝﾒﾇ￰ﾝﾒﾐ￰ﾝﾒﾙ ￰ﾝﾒﾋ￰ﾝﾒﾖ￰ﾝﾒﾎ￰ﾝﾒﾑ￰ﾝﾒﾔ ￰ﾝﾒﾐ￰ﾝﾒﾗ￰ﾝﾒﾆ￰ﾝﾒﾓ ￰ﾝﾒﾕ￰ﾝﾒﾉ￰ﾝﾒﾆ ￰ﾝﾒﾍ￰ﾝﾒﾂ￰ﾝﾒﾛ￰ﾝﾒﾚ ￰ﾝﾒﾅ￰ﾝﾒﾐ￰ﾝﾒﾈ",
+"￰ﾝﾓﾣ￰ﾝﾓﾱ￰ﾝﾓﾮ ￰ﾝﾓﾺ￰ﾝﾓﾾ￰ﾝﾓﾲ￰ﾝﾓﾬ￰ﾝﾓﾴ ￰ﾝﾓﾫ￰ﾝﾓﾻ￰ﾝﾓﾸ￰ﾝﾔﾀ￰ﾝﾓﾷ ￰ﾝﾓﾯ￰ﾝﾓﾸ￰ﾝﾔﾁ ￰ﾝﾓﾳ￰ﾝﾓﾾ￰ﾝﾓﾶ￰ﾝﾓﾹ￰ﾝﾓﾼ ￰ﾝﾓﾸ￰ﾝﾓ﾿￰ﾝﾓﾮ￰ﾝﾓﾻ ￰ﾝﾓﾽ￰ﾝﾓﾱ￰ﾝﾓﾮ ￰ﾝﾓﾵ￰ﾝﾓﾪ￰ﾝﾔﾃ￰ﾝﾔﾂ ￰ﾝﾓﾭ￰ﾝﾓﾸ￰ﾝﾓﾰ",
+"￰ﾝﾕﾋ￰ﾝﾕﾙ￰ﾝﾕﾖ ￰ﾝﾕﾢ￰ﾝﾕﾦ￰ﾝﾕﾚ￰ﾝﾕﾔ￰ﾝﾕﾜ ￰ﾝﾕﾓ￰ﾝﾕﾣ￰ﾝﾕﾠ￰ﾝﾕﾨ￰ﾝﾕﾟ ￰ﾝﾕﾗ￰ﾝﾕﾠ￰ﾝﾕﾩ ￰ﾝﾕﾛ￰ﾝﾕﾦ￰ﾝﾕﾞ￰ﾝﾕﾡ￰ﾝﾕﾤ ￰ﾝﾕﾠ￰ﾝﾕﾧ￰ﾝﾕﾖ￰ﾝﾕﾣ ￰ﾝﾕﾥ￰ﾝﾕﾙ￰ﾝﾕﾖ ￰ﾝﾕﾝ￰ﾝﾕﾒ￰ﾝﾕﾫ￰ﾝﾕﾪ ￰ﾝﾕﾕ￰ﾝﾕﾠ￰ﾝﾕﾘ",
+"￰ﾝﾚﾃ￰ﾝﾚﾑ￰ﾝﾚﾎ ￰ﾝﾚﾚ￰ﾝﾚﾞ￰ﾝﾚﾒ￰ﾝﾚﾌ￰ﾝﾚﾔ ￰ﾝﾚﾋ￰ﾝﾚﾛ￰ﾝﾚﾘ￰ﾝﾚﾠ￰ﾝﾚﾗ ￰ﾝﾚﾏ￰ﾝﾚﾘ￰ﾝﾚﾡ ￰ﾝﾚﾓ￰ﾝﾚﾞ￰ﾝﾚﾖ￰ﾝﾚﾙ￰ﾝﾚﾜ ￰ﾝﾚﾘ￰ﾝﾚﾟ￰ﾝﾚﾎ￰ﾝﾚﾛ ￰ﾝﾚﾝ￰ﾝﾚﾑ￰ﾝﾚﾎ ￰ﾝﾚﾕ￰ﾝﾚﾊ￰ﾝﾚﾣ￰ﾝﾚﾢ ￰ﾝﾚﾍ￰ﾝﾚﾘ￰ﾝﾚﾐ",
+"￢ﾒﾯ￢ﾒﾣ￢ﾒﾠ ￢ﾒﾬ￢ﾒﾰ￢ﾒﾤ￢ﾒﾞ￢ﾒﾦ ￢ﾒﾝ￢ﾒﾭ￢ﾒﾪ￢ﾒﾲ￢ﾒﾩ ￢ﾒﾡ￢ﾒﾪ￢ﾒﾳ ￢ﾒﾥ￢ﾒﾰ￢ﾒﾨ￢ﾒﾫ￢ﾒﾮ ￢ﾒﾪ￢ﾒﾱ￢ﾒﾠ￢ﾒﾭ ￢ﾒﾯ￢ﾒﾣ￢ﾒﾠ ￢ﾒﾧ￢ﾒﾜ￢ﾒﾵ￢ﾒﾴ ￢ﾒﾟ￢ﾒﾪ￢ﾒﾢ",
+
+//	Script Injection
+//
+//	Strings which attempt to invoke a benign script injection; shows vulnerability to XSS
+
+"<script>alert(123)</script>",
+"&lt;script&gt;alert(&#39;123&#39;);&lt;/script&gt;",
+"<img src=x onerror=alert(123) />",
+"<svg><script>123<1>alert(123)</script>",
+"\"><script>alert(123)</script>",
+"'><script>alert(123)</script>",
+"><script>alert(123)</script>",
+"</script><script>alert(123)</script>",
+"< / script >< script >alert(123)< / script >",
+" onfocus=JaVaSCript:alert(123) autofocus",
+"\" onfocus=JaVaSCript:alert(123) autofocus",
+"' onfocus=JaVaSCript:alert(123) autofocus",
+"￯ﾼﾜscript￯ﾼﾞalert(123)￯ﾼﾜ/script￯ﾼﾞ",
+"<sc<script>ript>alert(123)</sc</script>ript>",
+"--><script>alert(123)</script>",
+"\";alert(123);t=\"",
+"';alert(123);t='",
+"JavaSCript:alert(123)",
+";alert(123);",
+"src=JaVaSCript:prompt(132)",
+"\"><script>alert(123);</script x=\"",
+"'><script>alert(123);</script x='",
+"><script>alert(123);</script x=",
+"\" autofocus onkeyup=\"javascript:alert(123)",
+"' autofocus onkeyup='javascript:alert(123)",
+"<script\\x20type=\"text/javascript\">javascript:alert(1);</script>",
+"<script\\x3Etype=\"text/javascript\">javascript:alert(1);</script>",
+"<script\\x0Dtype=\"text/javascript\">javascript:alert(1);</script>",
+"<script\\x09type=\"text/javascript\">javascript:alert(1);</script>",
+"<script\\x0Ctype=\"text/javascript\">javascript:alert(1);</script>",
+"<script\\x2Ftype=\"text/javascript\">javascript:alert(1);</script>",
+"<script\\x0Atype=\"text/javascript\">javascript:alert(1);</script>",
+"'`\"><\\x3Cscript>javascript:alert(1)</script>",
+"'`\"><\\x00script>javascript:alert(1)</script>",
+"ABC<div style=\"x\\x3Aexpression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:expression\\x5C(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:expression\\x00(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:exp\\x00ression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:exp\\x5Cression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\x0Aexpression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\x09expression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\xE3\\x80\\x80expression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\xE2\\x80\\x84expression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\xC2\\xA0expression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\xE2\\x80\\x80expression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\xE2\\x80\\x8Aexpression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\x0Dexpression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\x0Cexpression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\xE2\\x80\\x87expression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\xEF\\xBB\\xBFexpression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\x20expression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\xE2\\x80\\x88expression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\x00expression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\xE2\\x80\\x8Bexpression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\xE2\\x80\\x86expression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\xE2\\x80\\x85expression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\xE2\\x80\\x82expression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\x0Bexpression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\xE2\\x80\\x81expression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\xE2\\x80\\x83expression(javascript:alert(1)\">DEF",
+"ABC<div style=\"x:\\xE2\\x80\\x89expression(javascript:alert(1)\">DEF",
+"<a href=\"\\x0Bjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x0Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\xC2\\xA0javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x05javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\xE1\\xA0\\x8Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x18javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x11javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\xE2\\x80\\x88javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\xE2\\x80\\x89javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\xE2\\x80\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x17javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x03javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x0Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x1Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x00javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x10javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\xE2\\x80\\x82javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x20javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x13javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x09javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\xE2\\x80\\x8Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x14javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x19javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\xE2\\x80\\xAFjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x1Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\xE2\\x80\\x81javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x1Djavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\xE2\\x80\\x87javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x07javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\xE1\\x9A\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\xE2\\x80\\x83javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x04javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x01javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x08javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\xE2\\x80\\x84javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\xE2\\x80\\x86javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\xE3\\x80\\x80javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x12javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x0Djavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x0Ajavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x0Cjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x15javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\xE2\\x80\\xA8javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x16javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x02javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x1Bjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x06javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\xE2\\x80\\xA9javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\xE2\\x80\\x85javascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x1Ejavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\xE2\\x81\\x9Fjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"\\x1Cjavascript:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"javascript\\x00:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"javascript\\x3A:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"javascript\\x09:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"javascript\\x0D:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"<a href=\"javascript\\x0A:javascript:alert(1)\" id=\"fuzzelement1\">test</a>",
+"`\"'><img src=xxx:x \\x0Aonerror=javascript:alert(1)>",
+"`\"'><img src=xxx:x \\x22onerror=javascript:alert(1)>",
+"`\"'><img src=xxx:x \\x0Bonerror=javascript:alert(1)>",
+"`\"'><img src=xxx:x \\x0Donerror=javascript:alert(1)>",
+"`\"'><img src=xxx:x \\x2Fonerror=javascript:alert(1)>",
+"`\"'><img src=xxx:x \\x09onerror=javascript:alert(1)>",
+"`\"'><img src=xxx:x \\x0Conerror=javascript:alert(1)>",
+"`\"'><img src=xxx:x \\x00onerror=javascript:alert(1)>",
+"`\"'><img src=xxx:x \\x27onerror=javascript:alert(1)>",
+"`\"'><img src=xxx:x \\x20onerror=javascript:alert(1)>",
+"\"`'><script>\\x3Bjavascript:alert(1)</script>",
+"\"`'><script>\\x0Djavascript:alert(1)</script>",
+"\"`'><script>\\xEF\\xBB\\xBFjavascript:alert(1)</script>",
+"\"`'><script>\\xE2\\x80\\x81javascript:alert(1)</script>",
+"\"`'><script>\\xE2\\x80\\x84javascript:alert(1)</script>",
+"\"`'><script>\\xE3\\x80\\x80javascript:alert(1)</script>",
+"\"`'><script>\\x09javascript:alert(1)</script>",
+"\"`'><script>\\xE2\\x80\\x89javascript:alert(1)</script>",
+"\"`'><script>\\xE2\\x80\\x85javascript:alert(1)</script>",
+"\"`'><script>\\xE2\\x80\\x88javascript:alert(1)</script>",
+"\"`'><script>\\x00javascript:alert(1)</script>",
+"\"`'><script>\\xE2\\x80\\xA8javascript:alert(1)</script>",
+"\"`'><script>\\xE2\\x80\\x8Ajavascript:alert(1)</script>",
+"\"`'><script>\\xE1\\x9A\\x80javascript:alert(1)</script>",
+"\"`'><script>\\x0Cjavascript:alert(1)</script>",
+"\"`'><script>\\x2Bjavascript:alert(1)</script>",
+"\"`'><script>\\xF0\\x90\\x96\\x9Ajavascript:alert(1)</script>",
+"\"`'><script>-javascript:alert(1)</script>",
+"\"`'><script>\\x0Ajavascript:alert(1)</script>",
+"\"`'><script>\\xE2\\x80\\xAFjavascript:alert(1)</script>",
+"\"`'><script>\\x7Ejavascript:alert(1)</script>",
+"\"`'><script>\\xE2\\x80\\x87javascript:alert(1)</script>",
+"\"`'><script>\\xE2\\x81\\x9Fjavascript:alert(1)</script>",
+"\"`'><script>\\xE2\\x80\\xA9javascript:alert(1)</script>",
+"\"`'><script>\\xC2\\x85javascript:alert(1)</script>",
+"\"`'><script>\\xEF\\xBF\\xAEjavascript:alert(1)</script>",
+"\"`'><script>\\xE2\\x80\\x83javascript:alert(1)</script>",
+"\"`'><script>\\xE2\\x80\\x8Bjavascript:alert(1)</script>",
+"\"`'><script>\\xEF\\xBF\\xBEjavascript:alert(1)</script>",
+"\"`'><script>\\xE2\\x80\\x80javascript:alert(1)</script>",
+"\"`'><script>\\x21javascript:alert(1)</script>",
+"\"`'><script>\\xE2\\x80\\x82javascript:alert(1)</script>",
+"\"`'><script>\\xE2\\x80\\x86javascript:alert(1)</script>",
+"\"`'><script>\\xE1\\xA0\\x8Ejavascript:alert(1)</script>",
+"\"`'><script>\\x0Bjavascript:alert(1)</script>",
+"\"`'><script>\\x20javascript:alert(1)</script>",
+"\"`'><script>\\xC2\\xA0javascript:alert(1)</script>",
+"<img \\x00src=x onerror=\"alert(1)\">",
+"<img \\x47src=x onerror=\"javascript:alert(1)\">",
+"<img \\x11src=x onerror=\"javascript:alert(1)\">",
+"<img \\x12src=x onerror=\"javascript:alert(1)\">",
+"<img\\x47src=x onerror=\"javascript:alert(1)\">",
+"<img\\x10src=x onerror=\"javascript:alert(1)\">",
+"<img\\x13src=x onerror=\"javascript:alert(1)\">",
+"<img\\x32src=x onerror=\"javascript:alert(1)\">",
+"<img\\x47src=x onerror=\"javascript:alert(1)\">",
+"<img\\x11src=x onerror=\"javascript:alert(1)\">",
+"<img \\x47src=x onerror=\"javascript:alert(1)\">",
+"<img \\x34src=x onerror=\"javascript:alert(1)\">",
+"<img \\x39src=x onerror=\"javascript:alert(1)\">",
+"<img \\x00src=x onerror=\"javascript:alert(1)\">",
+"<img src\\x09=x onerror=\"javascript:alert(1)\">",
+"<img src\\x10=x onerror=\"javascript:alert(1)\">",
+"<img src\\x13=x onerror=\"javascript:alert(1)\">",
+"<img src\\x32=x onerror=\"javascript:alert(1)\">",
+"<img src\\x12=x onerror=\"javascript:alert(1)\">",
+"<img src\\x11=x onerror=\"javascript:alert(1)\">",
+"<img src\\x00=x onerror=\"javascript:alert(1)\">",
+"<img src\\x47=x onerror=\"javascript:alert(1)\">",
+"<img src=x\\x09onerror=\"javascript:alert(1)\">",
+"<img src=x\\x10onerror=\"javascript:alert(1)\">",
+"<img src=x\\x11onerror=\"javascript:alert(1)\">",
+"<img src=x\\x12onerror=\"javascript:alert(1)\">",
+"<img src=x\\x13onerror=\"javascript:alert(1)\">",
+"<img[a][b][c]src[d]=x[e]onerror=[f]\"alert(1)\">",
+"<img src=x onerror=\\x09\"javascript:alert(1)\">",
+"<img src=x onerror=\\x10\"javascript:alert(1)\">",
+"<img src=x onerror=\\x11\"javascript:alert(1)\">",
+"<img src=x onerror=\\x12\"javascript:alert(1)\">",
+"<img src=x onerror=\\x32\"javascript:alert(1)\">",
+"<img src=x onerror=\\x00\"javascript:alert(1)\">",
+"<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a>",
+"<img src=\"x` `<script>javascript:alert(1)</script>\"` `>",
+"<img src onerror /\" '\"= alt=javascript:alert(1)//\">",
+"<title onpropertychange=javascript:alert(1)></title><title title=>",
+"<a href=http://foo.bar/#x=`y></a><img alt=\"`><img src=x:x onerror=javascript:alert(1)></a>\">",
+"<!--[if]><script>javascript:alert(1)</script -->",
+"<!--[if<img src=x onerror=javascript:alert(1)//]> -->",
+"<script src=\"/\%(jscript)s\"></script>",
+"<script src=\"\\%(jscript)s\"></script>",
+"<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">",
+"<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>",
+"<IMG SRC=# onmouseover=\"alert('xxs')\">",
+"<IMG SRC= onmouseover=\"alert('xxs')\">",
+"<IMG onmouseover=\"alert('xxs')\">",
+"<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>",
+"<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>",
+"<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>",
+"<IMG SRC=\"jav   ascript:alert('XSS');\">",
+"<IMG SRC=\"jav&#x09;ascript:alert('XSS');\">",
+"<IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">",
+"<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">",
+"perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out",
+"<IMG SRC=\" &#14;  javascript:alert('XSS');\">",
+"<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
+"<BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert(\"XSS\")>",
+"<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>",
+"<<SCRIPT>alert(\"XSS\");//<</SCRIPT>",
+"<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >",
+"<SCRIPT SRC=//ha.ckers.org/.j>",
+"<IMG SRC=\"javascript:alert('XSS')\"",
+"<iframe src=http://ha.ckers.org/scriptlet.html <",
+"\\\";alert('XSS');//",
+"<u oncopy=alert()> Copy me</u>",
+"<i onwheel=alert(1)> Scroll over me </i>",
+"<plaintext>",
+"http://a/%%30%30",
+"</textarea><script>alert(123)</script>",
+
+//	SQL Injection
+//
+//	Strings which can cause a SQL injection if inputs are not sanitized
+
+"1;DROP TABLE users",
+"1'; DROP TABLE users-- 1",
+"' OR 1=1 -- 1",
+"' OR '1'='1",
+" ",
+"%",
+"_",
+
+//	Server Code Injection
+//
+//	Strings which can cause user to run code on server as a privileged user (c.f. https://news.ycombinator.com/item?id=7665153)
+
+"-",
+"--",
+"--version",
+"--help",
+"$USER",
+"/dev/null; touch /tmp/blns.fail ; echo",
+"`touch /tmp/blns.fail`",
+"$(touch /tmp/blns.fail)",
+"@{[system \"touch /tmp/blns.fail\"]}",
+
+//	Command Injection (Ruby)
+//
+//	Strings which can call system commands within Ruby/Rails applications
+
+"eval(\"puts 'hello world'\")",
+"System(\"ls -al /\")",
+"`ls -al /`",
+"Kernel.exec(\"ls -al /\")",
+"Kernel.exit(1)",
+"%x('ls -al /')",
+
+//      XXE Injection (XML)
+//
+//	String which can reveal system files when parsed by a badly configured XML parser
+
+"<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?><!DOCTYPE foo [ <!ELEMENT foo ANY ><!ENTITY xxe SYSTEM \"file:///etc/passwd\" >]><foo>&xxe;</foo>",
+
+//	Unwanted Interpolation
+//
+//	Strings which can be accidentally expanded into different strings if evaluated in the wrong context, e.g. used as a printf format string or via Perl or shell eval. Might expose sensitive data from the program doing the interpolation, or might just represent the wrong string.
+
+"$HOME",
+"$ENV{'HOME'}",
+"%d",
+"%s",
+"{0}",
+"%*.*s",
+"File:///",
+
+//	File Inclusion
+//
+//	Strings which can cause user to pull in files that should not be a part of a web server
+
+"../../../../../../../../../../../etc/passwd%00",
+"../../../../../../../../../../../etc/hosts",
+
+//	Known CVEs and Vulnerabilities
+//
+//	Strings that test for known vulnerabilities
+
+"() { 0; }; touch /tmp/blns.shellshock1.fail;",
+"() { _; } >_[$($())] { touch /tmp/blns.shellshock2.fail; }",
+"<<< %s(un='%s') = %u",
+"+++ATH0",
+
+//	MSDOS/Windows Special Filenames
+//
+//	Strings which are reserved characters in MSDOS/Windows
+
+"CON",
+"PRN",
+"AUX",
+"CLOCK$",
+"NUL",
+"A:",
+"ZZ:",
+"COM1",
+"LPT1",
+"LPT2",
+"LPT3",
+"COM2",
+"COM3",
+"COM4",
+
+//   IRC specific strings
+//
+//   Strings that may occur on IRC clients that make security products freak out
+
+"DCC SEND STARTKEYLOGGER 0 0 0",
+
+//	Scunthorpe Problem
+//
+//	Innocuous strings which may be blocked by profanity filters (https://en.wikipedia.org/wiki/Scunthorpe_problem)
+
+"Scunthorpe General Hospital",
+"Penistone Community Church",
+"Lightwater Country Park",
+"Jimmy Clitheroe",
+"Horniman Museum",
+"shitake mushrooms",
+"RomansInSussex.co.uk",
+"http://www.cum.qc.ca/",
+"Craig Cockburn, Software Specialist",
+"Linda Callahan",
+"Dr. Herman I. Libshitz",
+"magna cum laude",
+"Super Bowl XXX",
+"medieval erection of parapets",
+"evaluate",
+"mocha",
+"expression",
+"Arsenal canal",
+"classic",
+"Tyson Gay",
+"Dick Van Dyke",
+"basement",
+
+//	Human injection
+//
+//	Strings which may cause human to reinterpret worldview
+
+"If you're reading this, you've been in a coma for almost 20 years now. We're trying a new technique. We don't know where this message will end up in your dream, but we hope it works. Please wake up, we miss you.",
+
+//	Terminal escape codes
+//
+//	Strings which punish the fools who use cat/type on this file
+
+"Roses are [0;31mred[0m, violets are [0;34mblue. Hope you enjoy terminal hue",
+"But now...[20Cfor my greatest trick...[8m",
+"The quick brown fox... [Beeeep]",
+
+//	iOS Vulnerabilities
+//
+//	Strings which crashed iMessage in various versions of iOS
+
+"Power￙ﾄ￙ﾏ￙ﾄ￙ﾏ￘ﾵ￙ﾑ￘ﾨ￙ﾏ￙ﾄ￙ﾏ￙ﾄ￘ﾵ￙ﾑ￘ﾨ￙ﾏ￘ﾱ￘ﾱ￙ﾋ ￠ﾥﾣ ￠ﾥﾣh ￠ﾥﾣ ￠ﾥﾣ￥ﾆﾗ",
+"￰ﾟﾏﾳ0￰ﾟﾌﾈ￯ﾸﾏ"
+};
+\ No newline at end of file
diff --git a/include/token_authorization_middleware.hpp b/include/token_authorization_middleware.hpp
new file mode 100644
index 0000000000..801c75f91b
--- /dev/null
+++ b/include/token_authorization_middleware.hpp
@@ -0,0 +1,23 @@
+#pragma once
+
+#include <crow/http_request.h>
+#include <crow/http_response.h>
+
+namespace crow
+{
+    struct TokenAuthorizationMiddleware {
+
+        struct context {
+            std::unordered_map<std::string, std::string> cookie_sessions;
+            std::unordered_map<std::string, std::string> cookies_to_push_to_client;
+
+            std::string get_cookie(const std::string& key);
+
+            void set_cookie(const std::string& key, const std::string& value);
+        };
+
+        void before_handle(crow::request& req, response& res, context& ctx);
+
+        void after_handle(request& req, response& res, context& ctx);
+    };
+}
+\ No newline at end of file
diff --git a/scripts/file_to_string_array.py b/scripts/file_to_string_array.py
new file mode 100644
index 0000000000..b81e854901
--- /dev/null
+++ b/scripts/file_to_string_array.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+import os.path
+import string
+import sys
+
+
+def print_buf(counter, buf):
+    buf2 = [('%02x' % ord(i)) for i in buf]
+    print '{0}: {1:<39}  {2}'.format(('%07x' % (counter * 16)),
+        ' '.join([''.join(buf2[i:i + 2]) for i in range(0, len(buf2), 2)]),
+        ''.join([c if c in string.printable[:-5] else '.' for c in buf]))
+
+
+def process_xxd(file_path):
+    with open(file_path, 'r') as f:
+        counter = 0
+        while True:
+            buf = f.read(16)
+            if not buf:
+                break
+            print_buf(counter, buf)
+            counter += 1
+
+
+if __name__ == '__main__':
+    if not os.path.exists(sys.argv[1]):
+        print >> (sys.stderr, "The file doesn't exist.")
+        sys.exit(1)
+    process_xxd(sys.argv[1])
+\ No newline at end of file
diff --git a/src/base64.cpp b/src/base64.cpp
new file mode 100644
index 0000000000..259288757b
--- /dev/null
+++ b/src/base64.cpp
@@ -0,0 +1,138 @@
+#include <base64.hpp>
+#include <cassert>
+
+namespace base64
+{
+bool base64_encode(const gsl::cstring_span<> &input, std::string &output)
+{
+    static const char encoding_data[] =
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+    unsigned int input_length = input.size();
+
+    // allocate space for output string
+    output.clear();
+    output.reserve(((input_length + 2) / 3) * 4);
+
+    // for each 3-bytes sequence from the input, extract 4 6-bits sequences and
+    // encode using
+    // encoding_data lookup table.
+    // if input do not contains enough chars to complete 3-byte sequence,use pad
+    // char '='
+    for (unsigned int i = 0; i < input_length; i++) {
+        int base64code0 = 0;
+        int base64code1 = 0;
+        int base64code2 = 0;
+        int base64code3 = 0;
+
+        base64code0 = (input[i] >> 2) & 0x3f;  // 1-byte 6 bits
+        output += encoding_data[base64code0];
+        base64code1 = (input[i] << 4) & 0x3f;  // 1-byte 2 bits +
+
+        if (++i < input_length) {
+            base64code1 |= (input[i] >> 4) & 0x0f;  // 2-byte 4 bits
+            output += encoding_data[base64code1];
+            base64code2 = (input[i] << 2) & 0x3f;  // 2-byte 4 bits +
+
+            if (++i < input_length) {
+                base64code2 |= (input[i] >> 6) & 0x03;  // 3-byte 2 bits
+                base64code3 = input[i] & 0x3f;          // 3-byte 6 bits
+                output += encoding_data[base64code2];
+                output += encoding_data[base64code3];
+            } else {
+                output += encoding_data[base64code2];
+                output += '=';
+            }
+        } else {
+            output += encoding_data[base64code1];
+            output += '=';
+            output += '=';
+        }
+    }
+
+    return true;
+}
+
+
+bool base64_decode(const gsl::cstring_span<> &input, std::string &output) 
+{
+  static const char nop = -1;
+  static const char decoding_data[] = {
+      nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+      nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+      nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, 62,  nop,
+      nop, nop, 63,  52,  53,  54,  55,  56,  57,  58,  59,  60,  61,  nop, nop,
+      nop, nop, nop, nop, nop, 0,   1,   2,   3,   4,   5,   6,   7,   8,   9,
+      10,  11,  12,  13,  14,  15,  16,  17,  18,  19,  20,  21,  22,  23,  24,
+      25,  nop, nop, nop, nop, nop, nop, 26,  27,  28,  29,  30,  31,  32,  33,
+      34,  35,  36,  37,  38,  39,  40,  41,  42,  43,  44,  45,  46,  47,  48,
+      49,  50,  51,  nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+      nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+      nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+      nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+      nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+      nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+      nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+      nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+      nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop, nop,
+      nop};
+
+  unsigned int input_length = input.size();
+
+  // allocate space for output string
+  output.clear();
+  output.reserve(((input_length + 2) / 3) * 4);
+
+  // for each 4-bytes sequence from the input, extract 4 6-bits sequences by
+  // droping first two bits
+  // and regenerate into 3 8-bits sequence
+
+  for (unsigned int i = 0; i < input_length; i++) {
+    char base64code0;
+    char base64code1;
+    char base64code2 = 0; // initialized to 0 to suppress warnings
+    char base64code3;
+
+    base64code0 = decoding_data[static_cast<int>(input[i])];
+    if (base64code0 == nop) // non base64 character
+      return false;
+    if (!(++i < input_length)) // we need at least two input bytes for first
+                               // byte output
+      return false;
+    base64code1 = decoding_data[static_cast<int>(input[i])];
+    if (base64code1 == nop) // non base64 character
+      return false;
+
+    output += ((base64code0 << 2) | ((base64code1 >> 4) & 0x3));
+
+    if (++i < input_length) {
+      char c = input[i];
+      if (c == '=') { // padding , end of input
+        assert((base64code1 & 0x0f) == 0);
+        return true;
+      }
+      base64code2 = decoding_data[static_cast<int>(input[i])];
+      if (base64code2 == nop) // non base64 character
+        return false;
+
+      output += ((base64code1 << 4) & 0xf0) | ((base64code2 >> 2) & 0x0f);
+    }
+
+    if (++i < input_length) {
+      char c = input[i];
+      if (c == '=') { // padding , end of input
+        assert((base64code2 & 0x03) == 0);
+        return true;
+      }
+      base64code3 = decoding_data[static_cast<int>(input[i])];
+      if (base64code3 == nop) // non base64 character
+        return false;
+
+      output += (((base64code2 << 6) & 0xc0) | base64code3);
+    }
+  }
+
+  return true;
+}
+
+}
+\ No newline at end of file
diff --git a/src/base64_test.cpp b/src/base64_test.cpp
new file mode 100644
index 0000000000..3484976034
--- /dev/null
+++ b/src/base64_test.cpp
@@ -0,0 +1,62 @@
+#include "base64.hpp"
+#include "gtest/gtest.h"
+#include "big_list_of_naughty_strings.hpp"
+
+// Tests that Base64 basic strings work
+TEST(Base64, EncodeBasicString)
+{
+    std::string output;
+    EXPECT_TRUE(base64::base64_encode("Foo", output));
+}
+
+// Tests the test vectors available in the base64 spec
+TEST(Base64, EncodeRFC4648)
+{
+    std::string output;
+    EXPECT_TRUE(base64::base64_encode("", output));
+    EXPECT_EQ(output, "");
+    EXPECT_TRUE(base64::base64_encode("f", output));
+    EXPECT_EQ(output, "Zg==");
+    EXPECT_TRUE(base64::base64_encode("fo", output));
+    EXPECT_EQ(output, "Zm8=");
+    EXPECT_TRUE(base64::base64_encode("foo", output));
+    EXPECT_EQ(output, "Zm9v");
+    EXPECT_TRUE(base64::base64_encode("foob", output));
+    EXPECT_EQ(output, "Zm9vYg==");
+    EXPECT_TRUE(base64::base64_encode("fooba", output));
+    EXPECT_EQ(output, "Zm9vYmE=");
+    EXPECT_TRUE(base64::base64_encode("foobar", output));
+    EXPECT_EQ(output, "Zm9vYmFy");
+}
+
+// Tests the test vectors available in the base64 spec
+TEST(Base64, DecodeRFC4648)
+{
+    std::string output;
+    EXPECT_TRUE(base64::base64_decode("", output));
+    EXPECT_EQ(output, "");
+    EXPECT_TRUE(base64::base64_decode("Zg==", output));
+    EXPECT_EQ(output, "f");
+    EXPECT_TRUE(base64::base64_decode("Zm8=", output));
+    EXPECT_EQ(output, "fo");
+    EXPECT_TRUE(base64::base64_decode("Zm9v", output));
+    EXPECT_EQ(output, "foo");
+    EXPECT_TRUE(base64::base64_decode("Zm9vYg==", output));
+    EXPECT_EQ(output, "foob");
+    EXPECT_TRUE(base64::base64_decode("Zm9vYmE=", output));
+    EXPECT_EQ(output, "fooba");
+    EXPECT_TRUE(base64::base64_decode("Zm9vYmFy", output));
+    EXPECT_EQ(output, "foobar");
+}
+
+// Tests using pathalogical cases for all escapings
+TEST(Base64, NaugtyStrings){
+    std::string base64_string;
+    std::string decoded_string;
+    for (auto& str: naughty_strings){
+        EXPECT_TRUE(base64::base64_encode(str, base64_string));
+        EXPECT_TRUE(base64::base64_decode(base64_string, decoded_string));
+        EXPECT_EQ(str, decoded_string);
+    }
+}
+
diff --git a/src/blns.txt b/src/blns.txt
new file mode 100644
index 0000000000..cdbac02377
--- /dev/null
+++ b/src/blns.txt
@@ -0,0 +1,685 @@
+# sourced from https://raw.githubusercontent.com/minimaxir/big-list-of-naughty-strings/master/blns.txt
+
+#	Reserved Strings
+#
+#	Strings which may be used elsewhere in code
+
+undefined
+undef
+null
+NULL
+(null)
+nil
+NIL
+true
+false
+True
+False
+TRUE
+FALSE
+None
+hasOwnProperty
+\
+\\
+
+#	Numeric Strings
+#
+#	Strings which can be interpreted as numeric
+
+0
+1
+1.00
+$1.00
+1/2
+1E2
+1E02
+1E+02
+-1
+-1.00
+-$1.00
+-1/2
+-1E2
+-1E02
+-1E+02
+1/0
+0/0
+-2147483648/-1
+-9223372036854775808/-1
+-0
+-0.0
++0
++0.0
+0.00
+0..0
+.
+0.0.0
+0,00
+0,,0
+,
+0,0,0
+0.0/0
+1.0/0.0
+0.0/0.0
+1,0/0,0
+0,0/0,0
+--1
+-
+-.
+-,
+999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
+NaN
+Infinity
+-Infinity
+INF
+1#INF
+-1#IND
+1#QNAN
+1#SNAN
+1#IND
+0x0
+0xffffffff
+0xffffffffffffffff
+0xabad1dea
+123456789012345678901234567890123456789
+1,000.00
+1 000.00
+1'000.00
+1,000,000.00
+1 000 000.00
+1'000'000.00
+1.000,00
+1 000,00
+1'000,00
+1.000.000,00
+1 000 000,00
+1'000'000,00
+01000
+08
+09
+2.2250738585072011e-308
+
+#	Special Characters
+#
+# ASCII punctuation.  All of these characters may need to be escaped in some
+# contexts.  Divided into three groups based on (US-layout) keyboard position.
+
+,./;'[]\-=
+<>?:"{}|_+
+!@#$%^&*()`~
+
+# Non-whitespace C0 controls: U+0001 through U+0008, U+000E through U+001F,
+# and U+007F (DEL)
+# Often forbidden to appear in various text-based file formats (e.g. XML),
+# or reused for internal delimiters on the theory that they should never
+# appear in input.
+# The next line may appear to be blank or mojibake in some viewers.
+
+
+# Non-whitespace C1 controls: U+0080 through U+0084 and U+0086 through U+009F.
+# Commonly misinterpreted as additional graphic characters.
+# The next line may appear to be blank, mojibake, or dingbats in some viewers.
+
+
+# Whitespace: all of the characters with category Zs, Zl, or Zp (in Unicode
+# version 8.0.0), plus U+0009 (HT), U+000B (VT), U+000C (FF), U+0085 (NEL),
+# and U+200B (ZERO WIDTH SPACE), which are in the C categories but are often
+# treated as whitespace in some contexts.
+# This file unfortunately cannot express strings containing
+# U+0000, U+000A, or U+000D (NUL, LF, CR).
+# The next line may appear to be blank or mojibake in some viewers.
+# The next line may be flagged for "trailing whitespace" in some viewers.
+	                  　
+
+# Unicode additional control characters: all of the characters with
+# general category Cf (in Unicode 8.0.0).
+# The next line may appear to be blank or mojibake in some viewers.
+؀؁؂؃؄؅؜۝܏᠎‌‍‎‏‪‫‬‭‮⁠⁡⁢⁣⁤⁦⁧⁨⁩⁪⁫⁬⁭⁮⁯￹￺￻𑂽𛲠𛲡𛲢𛲣𝅳𝅴𝅵𝅶𝅷𝅸𝅹𝅺󠀁󠀠󠀡󠀢󠀣󠀤󠀥󠀦󠀧󠀨󠀩󠀪󠀫󠀬󠀭󠀮󠀯󠀰󠀱󠀲󠀳󠀴󠀵󠀶󠀷󠀸󠀹󠀺󠀻󠀼󠀽󠀾󠀿󠁀󠁁󠁂󠁃󠁄󠁅󠁆󠁇󠁈󠁉󠁊󠁋󠁌󠁍󠁎󠁏󠁐󠁑󠁒󠁓󠁔󠁕󠁖󠁗󠁘󠁙󠁚󠁛󠁜󠁝󠁞󠁟󠁠󠁡󠁢󠁣󠁤󠁥󠁦󠁧󠁨󠁩󠁪󠁫󠁬󠁭󠁮󠁯󠁰󠁱󠁲󠁳󠁴󠁵󠁶󠁷󠁸󠁹󠁺󠁻󠁼󠁽󠁾󠁿
+
+# "Byte order marks", U+FEFF and U+FFFE, each on its own line.
+# The next two lines may appear to be blank or mojibake in some viewers.
+
+
+
+#	Unicode Symbols
+#
+#	Strings which contain common unicode symbols (e.g. smart quotes)
+
+Ω≈ç√∫˜µ≤≥÷
+åß∂ƒ©˙∆˚¬…æ
+œ∑´®†¥¨ˆøπ“‘
+¡™£¢∞§¶•ªº–≠
+¸˛Ç◊ı˜Â¯˘¿
+ÅÍÎÏ˝ÓÔÒÚÆ☃
+Œ„´‰ˇÁ¨ˆØ∏”’
+`⁄€‹›ﬁﬂ‡°·‚—±
+⅛⅜⅝⅞
+ЁЂЃЄЅІЇЈЉЊЋЌЍЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя
+٠١٢٣٤٥٦٧٨٩
+
+#	Unicode Subscript/Superscript/Accents
+#
+#	Strings which contain unicode subscripts/superscripts; can cause rendering issues
+
+⁰⁴⁵
+₀₁₂
+⁰⁴⁵₀₁₂
+ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็ ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็ ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็
+
+#	Quotation Marks
+#
+#	Strings which contain misplaced quotation marks; can cause encoding errors
+
+'
+"
+''
+""
+'"'
+"''''"'"
+"'"'"''''"
+<foo val=“bar” />
+<foo val=“bar” />
+<foo val=”bar“ />
+<foo val=`bar' />
+
+#	Two-Byte Characters
+#
+#	Strings which contain two-byte characters: can cause rendering issues or character-length issues
+
+田中さんにあげて下さい
+パーティーへ行かないか
+和製漢語
+部落格
+사회과학원 어학연구소
+찦차를 타고 온 펲시맨과 쑛다리 똠방각하
+社會科學院語學研究所
+울란바토르
+𠜎𠜱𠝹𠱓𠱸𠲖𠳏
+
+#	Changing length when lowercased
+#
+#	Characters which increase in length (2 to 3 bytes) when lowercased
+#	Credit: https://twitter.com/jifa/status/625776454479970304
+
+Ⱥ
+Ⱦ
+
+#	Japanese Emoticons
+#
+#	Strings which consists of Japanese-style emoticons which are popular on the web
+
+ヽ༼ຈل͜ຈ༽ﾉ ヽ༼ຈل͜ຈ༽ﾉ
+(｡◕ ∀ ◕｡)
+｀ｨ(´∀｀∩
+__ﾛ(,_,*)
+・(￣∀￣)・:*:
+ﾟ･✿ヾ╲(｡◕‿◕｡)╱✿･ﾟ
+,。・:*:・゜’( ☻ ω ☻ )。・:*:・゜’
+(╯°□°）╯︵ ┻━┻)
+(ﾉಥ益ಥ）ﾉ ┻━┻
+┬─┬ノ( º _ ºノ)
+( ͡° ͜ʖ ͡°)
+
+#	Emoji
+#
+#	Strings which contain Emoji; should be the same behavior as two-byte characters, but not always
+
+😍
+👩🏽
+👾 🙇 💁 🙅 🙆 🙋 🙎 🙍
+🐵 🙈 🙉 🙊
+❤️ 💔 💌 💕 💞 💓 💗 💖 💘 💝 💟 💜 💛 💚 💙
+✋🏿 💪🏿 👐🏿 🙌🏿 👏🏿 🙏🏿
+🚾 🆒 🆓 🆕 🆖 🆗 🆙 🏧
+0️⃣ 1️⃣ 2️⃣ 3️⃣ 4️⃣ 5️⃣ 6️⃣ 7️⃣ 8️⃣ 9️⃣ 🔟
+
+#       Regional Indicator Symbols
+#
+#       Regional Indicator Symbols can be displayed differently across
+#       fonts, and have a number of special behaviors
+
+🇺🇸🇷🇺🇸 🇦🇫🇦🇲🇸
+🇺🇸🇷🇺🇸🇦🇫🇦🇲
+🇺🇸🇷🇺🇸🇦
+
+#	Unicode Numbers
+#
+#	Strings which contain unicode numbers; if the code is localized, it should see the input as numeric
+
+１２３
+١٢٣
+
+#	Right-To-Left Strings
+#
+#	Strings which contain text that should be rendered RTL if possible (e.g. Arabic, Hebrew)
+
+ثم نفس سقطت وبالتحديد،, جزيرتي باستخدام أن دنو. إذ هنا؟ الستار وتنصيب كان. أهّل ايطاليا، بريطانيا-فرنسا قد أخذ. سليمان، إتفاقية بين ما, يذكر الحدود أي بعد, معاملة بولندا، الإطلاق عل إيو.
+בְּרֵאשִׁית, בָּרָא אֱלֹהִים, אֵת הַשָּׁמַיִם, וְאֵת הָאָרֶץ
+הָיְתָהtestالصفحات التّحول
+﷽
+ﷺ
+مُنَاقَشَةُ سُبُلِ اِسْتِخْدَامِ اللُّغَةِ فِي النُّظُمِ الْقَائِمَةِ وَفِيم يَخُصَّ التَّطْبِيقَاتُ الْحاسُوبِيَّةُ، 
+
+#	Trick Unicode
+#
+#	Strings which contain unicode with unusual properties (e.g. Right-to-left override) (c.f. http://www.unicode.org/charts/PDF/U2000.pdf)
+
+‪‪test‪
+‫test‫
+ test 
+test⁠test‫
+⁦test⁧
+
+#	Zalgo Text
+#
+#	Strings which contain "corrupted" text. The corruption will not appear in non-HTML text, however. (via http://www.eeemo.net)
+
+Ṱ̺̺̕o͞ ̷i̲̬͇̪͙n̝̗͕v̟̜̘̦͟o̶̙̰̠kè͚̮̺̪̹̱̤ ̖t̝͕̳̣̻̪͞h̼͓̲̦̳̘̲e͇̣̰̦̬͎ ̢̼̻̱̘h͚͎͙̜̣̲ͅi̦̲̣̰̤v̻͍e̺̭̳̪̰-m̢iͅn̖̺̞̲̯̰d̵̼̟͙̩̼̘̳ ̞̥̱̳̭r̛̗̘e͙p͠r̼̞̻̭̗e̺̠̣͟s̘͇̳͍̝͉e͉̥̯̞̲͚̬͜ǹ̬͎͎̟̖͇̤t͍̬̤͓̼̭͘ͅi̪̱n͠g̴͉ ͏͉ͅc̬̟h͡a̫̻̯͘o̫̟̖͍̙̝͉s̗̦̲.̨̹͈̣
+̡͓̞ͅI̗̘̦͝n͇͇͙v̮̫ok̲̫̙͈i̖͙̭̹̠̞n̡̻̮̣̺g̲͈͙̭͙̬͎ ̰t͔̦h̞̲e̢̤ ͍̬̲͖f̴̘͕̣è͖ẹ̥̩l͖͔͚i͓͚̦͠n͖͍̗͓̳̮g͍ ̨o͚̪͡f̘̣̬ ̖̘͖̟͙̮c҉͔̫͖͓͇͖ͅh̵̤̣͚͔á̗̼͕ͅo̼̣̥s̱͈̺̖̦̻͢.̛̖̞̠̫̰
+̗̺͖̹̯͓Ṯ̤͍̥͇͈h̲́e͏͓̼̗̙̼̣͔ ͇̜̱̠͓͍ͅN͕͠e̗̱z̘̝̜̺͙p̤̺̹͍̯͚e̠̻̠͜r̨̤͍̺̖͔̖̖d̠̟̭̬̝͟i̦͖̩͓͔̤a̠̗̬͉̙n͚͜ ̻̞̰͚ͅh̵͉i̳̞v̢͇ḙ͎͟-҉̭̩̼͔m̤̭̫i͕͇̝̦n̗͙ḍ̟ ̯̲͕͞ǫ̟̯̰̲͙̻̝f ̪̰̰̗̖̭̘͘c̦͍̲̞͍̩̙ḥ͚a̮͎̟̙͜ơ̩̹͎s̤.̝̝ ҉Z̡̖̜͖̰̣͉̜a͖̰͙̬͡l̲̫̳͍̩g̡̟̼̱͚̞̬ͅo̗͜.̟
+̦H̬̤̗̤͝e͜ ̜̥̝̻͍̟́w̕h̖̯͓o̝͙̖͎̱̮ ҉̺̙̞̟͈W̷̼̭a̺̪͍į͈͕̭͙̯̜t̶̼̮s̘͙͖̕ ̠̫̠B̻͍͙͉̳ͅe̵h̵̬͇̫͙i̹͓̳̳̮͎̫̕n͟d̴̪̜̖ ̰͉̩͇͙̲͞ͅT͖̼͓̪͢h͏͓̮̻e̬̝̟ͅ ̤̹̝W͙̞̝͔͇͝ͅa͏͓͔̹̼̣l̴͔̰̤̟͔ḽ̫.͕
+Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮
+
+#	Unicode Upsidedown
+#
+#	Strings which contain unicode with an "upsidedown" effect (via http://www.upsidedowntext.com)
+
+˙ɐnbᴉlɐ ɐuƃɐɯ ǝɹolop ʇǝ ǝɹoqɐl ʇn ʇunpᴉpᴉɔuᴉ ɹodɯǝʇ poɯsnᴉǝ op pǝs 'ʇᴉlǝ ƃuᴉɔsᴉdᴉpɐ ɹnʇǝʇɔǝsuoɔ 'ʇǝɯɐ ʇᴉs ɹolop ɯnsdᴉ ɯǝɹo˥
+00˙Ɩ$-
+
+#	Unicode font
+#
+#	Strings which contain bold/italic/etc. versions of normal characters
+
+Ｔｈｅ ｑｕｉｃｋ ｂｒｏｗｎ ｆｏｘ ｊｕｍｐｓ ｏｖｅｒ ｔｈｅ ｌａｚｙ ｄｏｇ
+𝐓𝐡𝐞 𝐪𝐮𝐢𝐜𝐤 𝐛𝐫𝐨𝐰𝐧 𝐟𝐨𝐱 𝐣𝐮𝐦𝐩𝐬 𝐨𝐯𝐞𝐫 𝐭𝐡𝐞 𝐥𝐚𝐳𝐲 𝐝𝐨𝐠
+𝕿𝖍𝖊 𝖖𝖚𝖎𝖈𝖐 𝖇𝖗𝖔𝖜𝖓 𝖋𝖔𝖝 𝖏𝖚𝖒𝖕𝖘 𝖔𝖛𝖊𝖗 𝖙𝖍𝖊 𝖑𝖆𝖟𝖞 𝖉𝖔𝖌
+𝑻𝒉𝒆 𝒒𝒖𝒊𝒄𝒌 𝒃𝒓𝒐𝒘𝒏 𝒇𝒐𝒙 𝒋𝒖𝒎𝒑𝒔 𝒐𝒗𝒆𝒓 𝒕𝒉𝒆 𝒍𝒂𝒛𝒚 𝒅𝒐𝒈
+𝓣𝓱𝓮 𝓺𝓾𝓲𝓬𝓴 𝓫𝓻𝓸𝔀𝓷 𝓯𝓸𝔁 𝓳𝓾𝓶𝓹𝓼 𝓸𝓿𝓮𝓻 𝓽𝓱𝓮 𝓵𝓪𝔃𝔂 𝓭𝓸𝓰
+𝕋𝕙𝕖 𝕢𝕦𝕚𝕔𝕜 𝕓𝕣𝕠𝕨𝕟 𝕗𝕠𝕩 𝕛𝕦𝕞𝕡𝕤 𝕠𝕧𝕖𝕣 𝕥𝕙𝕖 𝕝𝕒𝕫𝕪 𝕕𝕠𝕘
+𝚃𝚑𝚎 𝚚𝚞𝚒𝚌𝚔 𝚋𝚛𝚘𝚠𝚗 𝚏𝚘𝚡 𝚓𝚞𝚖𝚙𝚜 𝚘𝚟𝚎𝚛 𝚝𝚑𝚎 𝚕𝚊𝚣𝚢 𝚍𝚘𝚐
+⒯⒣⒠ ⒬⒰⒤⒞⒦ ⒝⒭⒪⒲⒩ ⒡⒪⒳ ⒥⒰⒨⒫⒮ ⒪⒱⒠⒭ ⒯⒣⒠ ⒧⒜⒵⒴ ⒟⒪⒢
+
+#	Script Injection
+#
+#	Strings which attempt to invoke a benign script injection; shows vulnerability to XSS
+
+<script>alert(123)</script>
+&lt;script&gt;alert(&#39;123&#39;);&lt;/script&gt;
+<img src=x onerror=alert(123) />
+<svg><script>123<1>alert(123)</script>
+"><script>alert(123)</script>
+'><script>alert(123)</script>
+><script>alert(123)</script>
+</script><script>alert(123)</script>
+< / script >< script >alert(123)< / script >
+ onfocus=JaVaSCript:alert(123) autofocus
+" onfocus=JaVaSCript:alert(123) autofocus
+' onfocus=JaVaSCript:alert(123) autofocus
+＜script＞alert(123)＜/script＞
+<sc<script>ript>alert(123)</sc</script>ript>
+--><script>alert(123)</script>
+";alert(123);t="
+';alert(123);t='
+JavaSCript:alert(123)
+;alert(123);
+src=JaVaSCript:prompt(132)
+"><script>alert(123);</script x="
+'><script>alert(123);</script x='
+><script>alert(123);</script x=
+" autofocus onkeyup="javascript:alert(123)
+' autofocus onkeyup='javascript:alert(123)
+<script\x20type="text/javascript">javascript:alert(1);</script>
+<script\x3Etype="text/javascript">javascript:alert(1);</script>
+<script\x0Dtype="text/javascript">javascript:alert(1);</script>
+<script\x09type="text/javascript">javascript:alert(1);</script>
+<script\x0Ctype="text/javascript">javascript:alert(1);</script>
+<script\x2Ftype="text/javascript">javascript:alert(1);</script>
+<script\x0Atype="text/javascript">javascript:alert(1);</script>
+'`"><\x3Cscript>javascript:alert(1)</script>
+'`"><\x00script>javascript:alert(1)</script>
+ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF
+ABC<div style="x:expression\x5C(javascript:alert(1)">DEF
+ABC<div style="x:expression\x00(javascript:alert(1)">DEF
+ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF
+ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF
+ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF
+ABC<div style="x:\x09expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF
+ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF
+ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF
+ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF
+ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF
+ABC<div style="x:\x20expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF
+ABC<div style="x:\x00expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF
+ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF
+ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF
+<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a>
+<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a>
+`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)>
+`"'><img src=xxx:x \x22onerror=javascript:alert(1)>
+`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)>
+`"'><img src=xxx:x \x0Donerror=javascript:alert(1)>
+`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)>
+`"'><img src=xxx:x \x09onerror=javascript:alert(1)>
+`"'><img src=xxx:x \x0Conerror=javascript:alert(1)>
+`"'><img src=xxx:x \x00onerror=javascript:alert(1)>
+`"'><img src=xxx:x \x27onerror=javascript:alert(1)>
+`"'><img src=xxx:x \x20onerror=javascript:alert(1)>
+"`'><script>\x3Bjavascript:alert(1)</script>
+"`'><script>\x0Djavascript:alert(1)</script>
+"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script>
+"`'><script>\xE2\x80\x81javascript:alert(1)</script>
+"`'><script>\xE2\x80\x84javascript:alert(1)</script>
+"`'><script>\xE3\x80\x80javascript:alert(1)</script>
+"`'><script>\x09javascript:alert(1)</script>
+"`'><script>\xE2\x80\x89javascript:alert(1)</script>
+"`'><script>\xE2\x80\x85javascript:alert(1)</script>
+"`'><script>\xE2\x80\x88javascript:alert(1)</script>
+"`'><script>\x00javascript:alert(1)</script>
+"`'><script>\xE2\x80\xA8javascript:alert(1)</script>
+"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script>
+"`'><script>\xE1\x9A\x80javascript:alert(1)</script>
+"`'><script>\x0Cjavascript:alert(1)</script>
+"`'><script>\x2Bjavascript:alert(1)</script>
+"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script>
+"`'><script>-javascript:alert(1)</script>
+"`'><script>\x0Ajavascript:alert(1)</script>
+"`'><script>\xE2\x80\xAFjavascript:alert(1)</script>
+"`'><script>\x7Ejavascript:alert(1)</script>
+"`'><script>\xE2\x80\x87javascript:alert(1)</script>
+"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script>
+"`'><script>\xE2\x80\xA9javascript:alert(1)</script>
+"`'><script>\xC2\x85javascript:alert(1)</script>
+"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script>
+"`'><script>\xE2\x80\x83javascript:alert(1)</script>
+"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script>
+"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script>
+"`'><script>\xE2\x80\x80javascript:alert(1)</script>
+"`'><script>\x21javascript:alert(1)</script>
+"`'><script>\xE2\x80\x82javascript:alert(1)</script>
+"`'><script>\xE2\x80\x86javascript:alert(1)</script>
+"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script>
+"`'><script>\x0Bjavascript:alert(1)</script>
+"`'><script>\x20javascript:alert(1)</script>
+"`'><script>\xC2\xA0javascript:alert(1)</script>
+<img \x00src=x onerror="alert(1)">
+<img \x47src=x onerror="javascript:alert(1)">
+<img \x11src=x onerror="javascript:alert(1)">
+<img \x12src=x onerror="javascript:alert(1)">
+<img\x47src=x onerror="javascript:alert(1)">
+<img\x10src=x onerror="javascript:alert(1)">
+<img\x13src=x onerror="javascript:alert(1)">
+<img\x32src=x onerror="javascript:alert(1)">
+<img\x47src=x onerror="javascript:alert(1)">
+<img\x11src=x onerror="javascript:alert(1)">
+<img \x47src=x onerror="javascript:alert(1)">
+<img \x34src=x onerror="javascript:alert(1)">
+<img \x39src=x onerror="javascript:alert(1)">
+<img \x00src=x onerror="javascript:alert(1)">
+<img src\x09=x onerror="javascript:alert(1)">
+<img src\x10=x onerror="javascript:alert(1)">
+<img src\x13=x onerror="javascript:alert(1)">
+<img src\x32=x onerror="javascript:alert(1)">
+<img src\x12=x onerror="javascript:alert(1)">
+<img src\x11=x onerror="javascript:alert(1)">
+<img src\x00=x onerror="javascript:alert(1)">
+<img src\x47=x onerror="javascript:alert(1)">
+<img src=x\x09onerror="javascript:alert(1)">
+<img src=x\x10onerror="javascript:alert(1)">
+<img src=x\x11onerror="javascript:alert(1)">
+<img src=x\x12onerror="javascript:alert(1)">
+<img src=x\x13onerror="javascript:alert(1)">
+<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)">
+<img src=x onerror=\x09"javascript:alert(1)">
+<img src=x onerror=\x10"javascript:alert(1)">
+<img src=x onerror=\x11"javascript:alert(1)">
+<img src=x onerror=\x12"javascript:alert(1)">
+<img src=x onerror=\x32"javascript:alert(1)">
+<img src=x onerror=\x00"javascript:alert(1)">
+<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a>
+<img src="x` `<script>javascript:alert(1)</script>"` `>
+<img src onerror /" '"= alt=javascript:alert(1)//">
+<title onpropertychange=javascript:alert(1)></title><title title=>
+<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>">
+<!--[if]><script>javascript:alert(1)</script -->
+<!--[if<img src=x onerror=javascript:alert(1)//]> -->
+<script src="/\%(jscript)s"></script>
+<script src="\\%(jscript)s"></script>
+<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
+<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
+<IMG SRC=# onmouseover="alert('xxs')">
+<IMG SRC= onmouseover="alert('xxs')">
+<IMG onmouseover="alert('xxs')">
+<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
+<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
+<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
+<IMG SRC="jav   ascript:alert('XSS');">
+<IMG SRC="jav&#x09;ascript:alert('XSS');">
+<IMG SRC="jav&#x0A;ascript:alert('XSS');">
+<IMG SRC="jav&#x0D;ascript:alert('XSS');">
+perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
+<IMG SRC=" &#14;  javascript:alert('XSS');">
+<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
+<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+<<SCRIPT>alert("XSS");//<</SCRIPT>
+<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
+<SCRIPT SRC=//ha.ckers.org/.j>
+<IMG SRC="javascript:alert('XSS')"
+<iframe src=http://ha.ckers.org/scriptlet.html <
+\";alert('XSS');//
+<u oncopy=alert()> Copy me</u>
+<i onwheel=alert(1)> Scroll over me </i>
+<plaintext>
+http://a/%%30%30
+</textarea><script>alert(123)</script>
+
+#	SQL Injection
+#
+#	Strings which can cause a SQL injection if inputs are not sanitized
+
+1;DROP TABLE users
+1'; DROP TABLE users-- 1
+' OR 1=1 -- 1
+' OR '1'='1
+ 
+%
+_
+
+#	Server Code Injection
+#
+#	Strings which can cause user to run code on server as a privileged user (c.f. https://news.ycombinator.com/item?id=7665153)
+
+-
+--
+--version
+--help
+$USER
+/dev/null; touch /tmp/blns.fail ; echo
+`touch /tmp/blns.fail`
+$(touch /tmp/blns.fail)
+@{[system "touch /tmp/blns.fail"]}
+
+#	Command Injection (Ruby)
+#
+#	Strings which can call system commands within Ruby/Rails applications
+
+eval("puts 'hello world'")
+System("ls -al /")
+`ls -al /`
+Kernel.exec("ls -al /")
+Kernel.exit(1)
+%x('ls -al /')
+
+#      XXE Injection (XML)
+#
+#	String which can reveal system files when parsed by a badly configured XML parser
+
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [ <!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>
+
+#	Unwanted Interpolation
+#
+#	Strings which can be accidentally expanded into different strings if evaluated in the wrong context, e.g. used as a printf format string or via Perl or shell eval. Might expose sensitive data from the program doing the interpolation, or might just represent the wrong string.
+
+$HOME
+$ENV{'HOME'}
+%d
+%s
+{0}
+%*.*s
+File:///
+
+#	File Inclusion
+#
+#	Strings which can cause user to pull in files that should not be a part of a web server
+
+../../../../../../../../../../../etc/passwd%00
+../../../../../../../../../../../etc/hosts
+
+#	Known CVEs and Vulnerabilities
+#
+#	Strings that test for known vulnerabilities
+
+() { 0; }; touch /tmp/blns.shellshock1.fail;
+() { _; } >_[$($())] { touch /tmp/blns.shellshock2.fail; }
+<<< %s(un='%s') = %u
++++ATH0
+
+#	MSDOS/Windows Special Filenames
+#
+#	Strings which are reserved characters in MSDOS/Windows
+
+CON
+PRN
+AUX
+CLOCK$
+NUL
+A:
+ZZ:
+COM1
+LPT1
+LPT2
+LPT3
+COM2
+COM3
+COM4
+
+#   IRC specific strings
+#
+#   Strings that may occur on IRC clients that make security products freak out
+
+DCC SEND STARTKEYLOGGER 0 0 0
+
+#	Scunthorpe Problem
+#
+#	Innocuous strings which may be blocked by profanity filters (https://en.wikipedia.org/wiki/Scunthorpe_problem)
+
+Scunthorpe General Hospital
+Penistone Community Church
+Lightwater Country Park
+Jimmy Clitheroe
+Horniman Museum
+shitake mushrooms
+RomansInSussex.co.uk
+http://www.cum.qc.ca/
+Craig Cockburn, Software Specialist
+Linda Callahan
+Dr. Herman I. Libshitz
+magna cum laude
+Super Bowl XXX
+medieval erection of parapets
+evaluate
+mocha
+expression
+Arsenal canal
+classic
+Tyson Gay
+Dick Van Dyke
+basement
+
+#	Human injection
+#
+#	Strings which may cause human to reinterpret worldview
+
+If you're reading this, you've been in a coma for almost 20 years now. We're trying a new technique. We don't know where this message will end up in your dream, but we hope it works. Please wake up, we miss you.
+
+#	Terminal escape codes
+#
+#	Strings which punish the fools who use cat/type on this file
+
+Roses are [0;31mred[0m, violets are [0;34mblue. Hope you enjoy terminal hue
+But now...[20Cfor my greatest trick...[8m
+The quick brown fox... [Beeeep]
+
+#	iOS Vulnerabilities
+#
+#	Strings which crashed iMessage in various versions of iOS
+
+Powerلُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ冗
+🏳0🌈️
+\ No newline at end of file
diff --git a/src/gtest_main.cpp b/src/gtest_main.cpp
new file mode 100644
index 0000000000..1659be89ee
--- /dev/null
+++ b/src/gtest_main.cpp
@@ -0,0 +1,6 @@
+#include "gtest/gtest.h"
+
+int main(int argc, char **argv) {
+  ::testing::InitGoogleTest(&argc, argv);
+  return RUN_ALL_TESTS();
+}
+\ No newline at end of file
diff --git a/src/token_authorization_middleware.cpp b/src/token_authorization_middleware.cpp
new file mode 100644
index 0000000000..61ac28debd
--- /dev/null
+++ b/src/token_authorization_middleware.cpp
@@ -0,0 +1,49 @@
+#include <unordered_map>
+
+#include <boost/algorithm/string/predicate.hpp>
+
+#include <token_authorization_middleware.hpp>
+
+namespace crow
+{
+    std::string TokenAuthorizationMiddleware::context::get_cookie(const std::string& key)
+    {
+        if (cookie_sessions.count(key))
+            return cookie_sessions[key];
+        return {};
+    }
+
+    void TokenAuthorizationMiddleware::context::set_cookie(const std::string& key, const std::string& value)
+    {
+        cookies_to_push_to_client.emplace(key, value);
+    }
+    
+
+    void TokenAuthorizationMiddleware::before_handle(crow::request& req, response& res, context& ctx)
+    {
+        if (req.url == "/login"){
+            return;
+        }
+
+        // Check for an authorization header, reject if not present
+        if (req.headers.count("Authorization") != 1) {
+            res.code = 400;
+            res.end();
+            return;
+        }
+        std::string auth_header = req.get_header_value("Authorization");
+        // If the user is attempting any kind of auth other than token, reject
+        if (!boost::starts_with(auth_header, "Token ")) {
+            res.code = 400;
+            res.end();
+        }
+    }
+
+    void TokenAuthorizationMiddleware::after_handle(request& /*req*/, response& res, context& ctx)
+    {
+        for (auto& cookie : ctx.cookies_to_push_to_client) {
+            res.add_header("Set-Cookie", cookie.first + "=" + cookie.second);
+        }
+    }
+
+}
+\ No newline at end of file
diff --git a/src/token_authorization_middleware_test.cpp b/src/token_authorization_middleware_test.cpp
new file mode 100644
index 0000000000..8d5be1ebbd
--- /dev/null
+++ b/src/token_authorization_middleware_test.cpp
@@ -0,0 +1,26 @@
+#include "token_authorization_middleware.hpp"
+#include <crow/app.h>
+#include "gtest/gtest.h"
+
+
+// Tests that Base64 basic strings work
+TEST(Authentication, TestBasicReject)
+{
+    crow::App<crow::TokenAuthorizationMiddleware> app;
+    crow::request req;
+    crow::response res;
+    app.handle(req, res);
+    ASSERT_EQ(res.code, 400);
+
+
+    crow::App<crow::TokenAuthorizationMiddleware> app;
+    decltype(app)::server_t server(&app, "127.0.0.1", 45451);
+    CROW_ROUTE(app, "/")([&](const crow::request& req)
+    {
+        app.get_context<NullMiddleware>(req);
+        app.get_context<NullSimpleMiddleware>(req);
+        return "";
+    });
+}
+
+
diff --git a/src/example.cpp b/src/webserver_main.cpp
index 91fdb7f8aa..bbe599e847 100644
--- a/src/example.cpp
+++ b/src/webserver_main.cpp
@@ -1,106 +1,71 @@
-#include "crow/query_string.h"
-#include "crow/http_parser_merged.h"
 #include "crow/ci_map.h"
+#include "crow/http_parser_merged.h"
+#include "crow/query_string.h"
 //#include "crow/TinySHA1.hpp"
-#include "crow/settings.h"
-#include "crow/socket_adaptors.h"
-#include "crow/json.h"
-#include "crow/mustache.h"
-#include "crow/logging.h"
-#include "crow/dumb_timer_queue.h"
-#include "crow/utility.h"
+#include "crow/app.h"
 #include "crow/common.h"
+#include "crow/dumb_timer_queue.h"
+#include "crow/http_connection.h"
 #include "crow/http_request.h"
-#include "crow/websocket.h"
-#include "crow/parser.h"
 #include "crow/http_response.h"
+#include "crow/http_server.h"
+#include "crow/json.h"
+#include "crow/logging.h"
 #include "crow/middleware.h"
-#include "crow/routing.h"
 #include "crow/middleware_context.h"
-#include "crow/http_connection.h"
-#include "crow/http_server.h"
-#include "crow/app.h"
+#include "crow/mustache.h"
+#include "crow/parser.h"
+#include "crow/routing.h"
+#include "crow/settings.h"
+#include "crow/socket_adaptors.h"
+#include "crow/utility.h"
+#include "crow/websocket.h"
 
 #include "color_cout_g3_sink.hpp"
 
-#include "ssl_key_handler.hpp"
+#include "token_authorization_middleware.hpp"
+
 #include <iostream>
 #include <string>
-
-
-
-struct ExampleMiddleware 
-{
-    std::string message;
-
-    ExampleMiddleware() 
-    {
-        message = "foo";
-    }
-
-    void setMessage(std::string newMsg)
-    {
-        message = newMsg;
-    }
-
-    struct context
-    {
-    };
-
-    void before_handle(crow::request& /*req*/, crow::response& /*res*/, context& /*ctx*/)
-    {
-        CROW_LOG_DEBUG << " - MESSAGE: " << message;
-    }
-
-    void after_handle(crow::request& /*req*/, crow::response& /*res*/, context& /*ctx*/)
-    {
-        // no-op
-    }
-};
-
-
+#include "ssl_key_handler.hpp"
 
 int main(int argc, char** argv)
 {
-   auto worker = g3::LogWorker::createLogWorker();
-   auto handle= worker->addDefaultLogger(argv[0], "/tmp/");
-   g3::initializeLogging(worker.get());
-   auto log_file_name = handle->call(&g3::FileSink::fileName);
-   auto sink_handle = worker->addSink(std::make_unique<crow::ColorCoutSink>(),
-                                     &crow::ColorCoutSink::ReceiveLogMessage);
+    auto worker = g3::LogWorker::createLogWorker();
+    auto handle = worker->addDefaultLogger(argv[0], "/tmp/");
+    g3::initializeLogging(worker.get());
+    auto log_file_name = handle->call(&g3::FileSink::fileName);
+    auto sink_handle = worker->addSink(std::make_unique<crow::ColorCoutSink>(),
+                                       &crow::ColorCoutSink::ReceiveLogMessage);
 
-   LOG(DEBUG) << "Logging to " << log_file_name.get() << "\n";
+    LOG(DEBUG) << "Logging to " << log_file_name.get() << "\n";
 
     std::string ssl_pem_file("server.pem");
     ensuressl::ensure_openssl_key_present_and_valid(ssl_pem_file);
     //auto handler2 = std::make_shared<ExampleLogHandler>();
     //crow::logger::setHandler(handler2.get());
-    crow::App<ExampleMiddleware> app;
-
-    app.get_middleware<ExampleMiddleware>().setMessage("hello");
+    crow::App<crow::TokenAuthorizationMiddleware> app;
 
     CROW_ROUTE(app, "/")
-        .name("hello")
-    ([]{
-        return "Hello World!";
-    });
+        .name("hello")([] {
+            return "Hello World!";
+        });
 
     CROW_ROUTE(app, "/about")
-    ([](){
+    ([]() {
         return "About Crow example.";
     });
 
     // a request to /path should be forwarded to /path/
     CROW_ROUTE(app, "/path/")
-    ([](){
+    ([]() {
         return "Trailing slash test case..";
     });
 
-
     // simple json response
     // To see it in action enter {ip}:18080/json
     CROW_ROUTE(app, "/json")
-    ([]{
+    ([] {
         crow::json::wvalue x;
         x["message"] = "Hello, World!";
         return x;
@@ -108,8 +73,8 @@ int main(int argc, char** argv)
 
     // To see it in action enter {ip}:18080/hello/{integer_between -2^32 and 100} and you should receive
     // {integer_between -2^31 and 100} bottles of beer!
-    CROW_ROUTE(app,"/hello/<int>")
-    ([](int count){
+    CROW_ROUTE(app, "/hello/<int>")
+    ([](int count) {
         if (count > 100)
             return crow::response(400);
         std::ostringstream os;
@@ -118,10 +83,10 @@ int main(int argc, char** argv)
     });
 
     // To see it in action submit {ip}:18080/add/1/2 and you should receive 3 (exciting, isn't it)
-    CROW_ROUTE(app,"/add/<int>/<int>")
-    ([](const crow::request& /*req*/, crow::response& res, int a, int b){
+    CROW_ROUTE(app, "/add/<int>/<int>")
+    ([](const crow::request& /*req*/, crow::response& res, int a, int b) {
         std::ostringstream os;
-        os << a+b;
+        os << a + b;
         res.write(os.str());
         res.end();
     });
@@ -129,7 +94,7 @@ int main(int argc, char** argv)
     // Compile error with message "Handler type is mismatched with URL paramters"
     //CROW_ROUTE(app,"/another/<int>")
     //([](int a, int b){
-        //return crow::response(500);
+    //return crow::response(500);
     //});
 
     // more json example
@@ -144,49 +109,48 @@ int main(int argc, char** argv)
     // A simpler way for json example:
     //      * curl -d '{"a":1,"b":2}' {ip}:18080/add_json
     CROW_ROUTE(app, "/add_json")
-        .methods("POST"_method)
-    ([](const crow::request& req){
-        auto x = crow::json::load(req.body);
-        if (!x)
-            return crow::response(400);
-        int sum = x["a"].i()+x["b"].i();
-        std::ostringstream os;
-        os << sum;
-        return crow::response{os.str()};
-    });
+        .methods("POST"_method)([](const crow::request& req) {
+            auto x = crow::json::load(req.body);
+            if (!x)
+                return crow::response(400);
+            int sum = x["a"].i() + x["b"].i();
+            std::ostringstream os;
+            os << sum;
+            return crow::response{os.str()};
+        });
 
     // Example of a request taking URL parameters
     // If you want to activate all the functions just query
     // {ip}:18080/params?foo='blabla'&pew=32&count[]=a&count[]=b
     CROW_ROUTE(app, "/params")
-    ([](const crow::request& req){
+    ([](const crow::request& req) {
         std::ostringstream os;
 
         // To get a simple string from the url params
         // To see it in action /params?foo='blabla'
-        os << "Params: " << req.url_params << "\n\n"; 
+        os << "Params: " << req.url_params << "\n\n";
         os << "The key 'foo' was " << (req.url_params.get("foo") == nullptr ? "not " : "") << "found.\n";
 
         // To get a double from the request
         // To see in action submit something like '/params?pew=42'
-        if(req.url_params.get("pew") != nullptr) {
+        if (req.url_params.get("pew") != nullptr) {
             double countD = boost::lexical_cast<double>(req.url_params.get("pew"));
-            os << "The value of 'pew' is " <<  countD << '\n';
+            os << "The value of 'pew' is " << countD << '\n';
         }
 
         // To get a list from the request
         // You have to submit something like '/params?count[]=a&count[]=b' to have a list with two values (a and b)
         auto count = req.url_params.get_list("count");
         os << "The key 'count' contains " << count.size() << " value(s).\n";
-        for(const auto& countVal : count) {
+        for (const auto& countVal : count) {
             os << " - " << countVal << '\n';
         }
         return crow::response{os.str()};
-    });    
+    });
 
     CROW_ROUTE(app, "/large")
-    ([]{
-        return std::string(512*1024, ' ');
+    ([] {
+        return std::string(512 * 1024, ' ');
     });
 
     // ignore all log