Created
June 23, 2016 07:39
-
-
Save sapslaj/7ceb66763ffed79360afe07b5d0204c4 to your computer and use it in GitHub Desktop.
Badly-formatted output from a script to test https://github.com/tenderlove/widen against https://github.com/minimaxir/big-list-of-naughty-strings
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This utilizes blns to cram strings through the 'widen' gem. | |
The first line is the original string, the second, the 'widened' string, the third, the 'narrowened' string | |
Test strings | |
Scunthorpe General Hospital | |
Scunthorpe General Hospital | |
Scunthorpe General Hospital | |
$100% true | |
$100% true | |
$100% true | |
Special Characters | |
Strings which contain common special ASCII characters (may need to be escaped) | |
,./;'[]\-= | |
,./;'[]\-= | |
,./;'[]\-= | |
<>?:"{}|_+ | |
<>?:"{}|_+ | |
<>?:"{}|_+ | |
!@#$%^&*()`~ | |
!@#$%^&*()`~ | |
!@#$%^&*()`~ | |
Unicode Symbols | |
Strings which contain common unicode symbols (e.g. smart quotes) | |
Ω≈ç√∫˜µ≤≥÷ | |
Ω≈ç√∫˜µ≤≥÷ | |
Ω≈ç√∫˜µ≤≥÷ | |
åß∂ƒ©˙∆˚¬…æ | |
åß∂ƒ©˙∆˚¬…æ | |
åß∂ƒ©˙∆˚¬…æ | |
œ∑´®†¥¨ˆøπ“‘ | |
œ∑´®†¥¨ˆøπ“‘ | |
œ∑´®†¥¨ˆøπ“‘ | |
¡™£¢∞§¶•ªº–≠ | |
¡™£¢∞§¶•ªº–≠ | |
¡™£¢∞§¶•ªº–≠ | |
¸˛Ç◊ı˜Â¯˘¿ | |
¸˛Ç◊ı˜Â ̄˘¿ | |
¸˛Ç◊ı˜Â¯˘¿ | |
ÅÍÎÏ˝ÓÔÒÚÆ☃ | |
ÅÍÎÏ˝ÓÔÒÚÆ☃ | |
ÅÍÎÏ˝ÓÔÒÚÆ☃ | |
Œ„´‰ˇÁ¨ˆØ∏”’ | |
Œ„´‰ˇÁ¨ˆØ∏”’ | |
Œ„´‰ˇÁ¨ˆØ∏”’ | |
`⁄€‹›fifl‡°·‚—± | |
`⁄€‹›fifl‡°·‚—± | |
`⁄€‹›fifl‡°·‚—± | |
⅛⅜⅝⅞ | |
⅛⅜⅝⅞ | |
⅛⅜⅝⅞ | |
ЁЂЃЄЅІЇЈЉЊЋЌЍЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя | |
ЁЂЃЄЅІЇЈЉЊЋЌЍЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя | |
ЁЂЃЄЅІЇЈЉЊЋЌЍЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя | |
٠١٢٣٤٥٦٧٨٩ | |
٠١٢٣٤٥٦٧٨٩ | |
٠١٢٣٤٥٦٧٨٩ | |
Unicode Subscript/Superscript | |
Strings which contain unicode subscripts/superscripts; can cause rendering issues | |
⁰⁴⁵ | |
⁰⁴⁵ | |
⁰⁴⁵ | |
₀₁₂ | |
₀₁₂ | |
₀₁₂ | |
⁰⁴⁵₀₁₂ | |
⁰⁴⁵₀₁₂ | |
⁰⁴⁵₀₁₂ | |
Two-Byte Characters | |
Strings which contain two-byte characters: can cause rendering issues or character-length issues | |
田中さんにあげて下さい | |
田中さんにあげて下さい | |
田中さんにあげて下さい | |
パーティーへ行かないか | |
パーティーへ行かないか | |
パーティーへ行かないか | |
和製漢語 | |
和製漢語 | |
和製漢語 | |
部落格 | |
部落格 | |
部落格 | |
사회과학원 어학연구소 | |
사회과학원 어학연구소 | |
사회과학원 어학연구소 | |
찦차를 타고 온 펲시맨과 쑛다리 똠방각하 | |
찦차를 타고 온 펲시맨과 쑛다리 똠방각하 | |
찦차를 타고 온 펲시맨과 쑛다리 똠방각하 | |
社會科學院語學研究所 | |
社會科學院語學研究所 | |
社會科學院語學研究所 | |
울란바토르 | |
울란바토르 | |
울란바토르 | |
𠜎𠜱𠝹𠱓𠱸𠲖𠳏 | |
𠜎𠜱𠝹𠱓𠱸𠲖𠳏 | |
𠜎𠜱𠝹𠱓𠱸𠲖𠳏 | |
Japanese Emoticons | |
Strings which consists of Japanese-style emoticons which are popular on the web | |
ヽ༼ຈل͜ຈ༽ノ ヽ༼ຈل͜ຈ༽ノ | |
ヽ༼ຈل͜ຈ༽ノ ヽ༼ຈل͜ຈ༽ノ | |
ヽ༼ຈل͜ຈ༽ノ ヽ༼ຈل͜ຈ༽ノ | |
(。◕ ∀ ◕。) | |
(。◕ ∀ ◕。) | |
(。◕ ∀ ◕。) | |
`ィ(´∀`∩ | |
`ィ(´∀`∩ | |
`ィ(´∀`∩ | |
__ロ(,_,*) | |
__ロ(,_,*) | |
__ロ(,_,*) | |
・( ̄∀ ̄)・:*: | |
・( ̄∀ ̄)・:*: | |
・(¯∀¯)・:*: | |
゚・✿ヾ╲(。◕‿◕。)╱✿・゚ | |
・✿ヾ╲(。◕‿◕。)╱✿・ | |
゚・✿ヾ╲(。◕‿◕。)╱✿・゚ | |
,。・:*:・゜’( ☻ ω ☻ )。・:*:・゜’ | |
,。・:*:・゜’( ☻ ω ☻ )。・:*:・゜’ | |
,。・:*:・゜’( ☻ ω ☻ )。・:*:・゜’ | |
(╯°□°)╯︵ ┻━┻) | |
(╯°□°)╯︵ ┻━┻) | |
(╯°□°)╯︵ ┻━┻) | |
(ノಥ益ಥ)ノ ┻━┻ | |
(ノಥ益ಥ)ノ ┻━┻ | |
(ノಥ益ಥ)ノ ┻━┻ | |
( ͡° ͜ʖ ͡°) | |
( ͡° ͜ʖ ͡°) | |
( ͡° ͜ʖ ͡°) | |
Emoji | |
Strings which contain Emoji; should be the same behavior as two-byte characters, but not always | |
😍 | |
😍 | |
😍 | |
👩🏽 | |
👩🏽 | |
👩🏽 | |
👾 🙇 💁 🙅 🙆 🙋 🙎 🙍 | |
👾 🙇 💁 🙅 🙆 🙋 🙎 🙍 | |
👾 🙇 💁 🙅 🙆 🙋 🙎 🙍 | |
🐵 🙈 🙉 🙊 | |
🐵 🙈 🙉 🙊 | |
🐵 🙈 🙉 🙊 | |
❤️ 💔 💌 💕 💞 💓 💗 💖 💘 💝 💟 💜 💛 💚 💙 | |
❤️ 💔 💌 💕 💞 💓 💗 💖 💘 💝 💟 💜 💛 💚 💙 | |
❤️ 💔 💌 💕 💞 💓 💗 💖 💘 💝 💟 💜 💛 💚 💙 | |
✋🏿 💪🏿 👐🏿 🙌🏿 👏🏿 🙏🏿 | |
✋🏿 💪🏿 👐🏿 🙌🏿 👏🏿 🙏🏿 | |
✋🏿 💪🏿 👐🏿 🙌🏿 👏🏿 🙏🏿 | |
🚾 🆒 🆓 🆕 🆖 🆗 🆙 🏧 | |
🚾 🆒 🆓 🆕 🆖 🆗 🆙 🏧 | |
🚾 🆒 🆓 🆕 🆖 🆗 🆙 🏧 | |
0️⃣ 1️⃣ 2️⃣ 3️⃣ 4️⃣ 5️⃣ 6️⃣ 7️⃣ 8️⃣ 9️⃣ 🔟 | |
0 1 2 3 4 5 6 7 8 9 🔟 | |
0️⃣ 1️⃣ 2️⃣ 3️⃣ 4️⃣ 5️⃣ 6️⃣ 7️⃣ 8️⃣ 9️⃣ 🔟 | |
Regional Indicator Symbols | |
Regional Indicator Symbols can be displayed differently across | |
fonts, and have a number of special behaviors | |
🇺🇸🇷🇺🇸 🇦🇫🇦🇲🇸 | |
🇺🇸🇷🇺🇸 🇦🇫🇦🇲🇸 | |
🇺🇸🇷🇺🇸 🇦🇫🇦🇲🇸 | |
🇺🇸🇷🇺🇸🇦🇫🇦🇲 | |
🇺🇸🇷🇺🇸🇦🇫🇦🇲 | |
🇺🇸🇷🇺🇸🇦🇫🇦🇲 | |
🇺🇸🇷🇺🇸🇦 | |
🇺🇸🇷🇺🇸🇦 | |
🇺🇸🇷🇺🇸🇦 | |
Unicode Numbers | |
Strings which contain unicode numbers; if the code is localized, it should see the input as numeric | |
123 | |
123 | |
123 | |
١٢٣ | |
١٢٣ | |
١٢٣ | |
Right-To-Left Strings | |
Strings which contain text that should be rendered RTL if possible (e.g. Arabic, Hebrew) | |
ثم نفس سقطت وبالتحديد،, جزيرتي باستخدام أن دنو. إذ هنا؟ الستار وتنصيب كان. أهّل ايطاليا، بريطانيا-فرنسا قد أخذ. سليمان، إتفاقية بين ما, يذكر الحدود أي بعد, معاملة بولندا، الإطلاق عل إيو. | |
ثم نفس سقطت وبالتحديد،, جزيرتي باستخدام أن دنو. إذ هنا؟ الستار وتنصيب كان. أهّل ايطاليا، بريطانيا-فرنسا قد أخذ. سليمان، إتفاقية بين ما, يذكر الحدود أي بعد, معاملة بولندا، الإطلاق عل إيو. | |
ثم نفس سقطت وبالتحديد،, جزيرتي باستخدام أن دنو. إذ هنا؟ الستار وتنصيب كان. أهّل ايطاليا، بريطانيا-فرنسا قد أخذ. سليمان، إتفاقية بين ما, يذكر الحدود أي بعد, معاملة بولندا، الإطلاق عل إيو. | |
בְּרֵאשִׁית, בָּרָא אֱלֹהִים, אֵת הַשָּׁמַיִם, וְאֵת הָאָרֶץ | |
בְּרֵאשִׁית, בָּרָא אֱלֹהִים, אֵת הַשָּׁמַיִם, וְאֵת הָאָרֶץ | |
בְּרֵאשִׁית, בָּרָא אֱלֹהִים, אֵת הַשָּׁמַיִם, וְאֵת הָאָרֶץ | |
הָיְתָהtestالصفحات التّحول | |
הָיְתָהtestالصفحات التّحول | |
הָיְתָהtestالصفحات التّحول | |
﷽ | |
﷽ | |
﷽ | |
ﷺ | |
ﷺ | |
ﷺ | |
مُنَاقَشَةُ سُبُلِ اِسْتِخْدَامِ اللُّغَةِ فِي النُّظُمِ الْقَائِمَةِ وَفِيم يَخُصَّ التَّطْبِيقَاتُ الْحاسُوبِيَّةُ، | |
مُنَاقَشَةُ سُبُلِ اِسْتِخْدَامِ اللُّغَةِ فِي النُّظُمِ الْقَائِمَةِ وَفِيم يَخُصَّ التَّطْبِيقَاتُ الْحاسُوبِيَّةُ، | |
مُنَاقَشَةُ سُبُلِ اِسْتِخْدَامِ اللُّغَةِ فِي النُّظُمِ الْقَائِمَةِ وَفِيم يَخُصَّ التَّطْبِيقَاتُ الْحاسُوبِيَّةُ، | |
Unicode Spaces | |
Strings which contain unicode space characters with special properties (c.f. https://www.cs.tut.fi/~jkorpela/chars/spaces.html) | |
␣ | |
␣ | |
␣ | |
␢ | |
␢ | |
␢ | |
␡ | |
␡ | |
␡ | |
Trick Unicode | |
Strings which contain unicode with unusual properties (e.g. Right-to-left override) (c.f. http://www.unicode.org/charts/PDF/U2000.pdf) | |
test | |
test | |
test | |
test | |
test | |
test | |
testU | |
testU | |
testU | |
testtest | |
testtest | |
testtest | |
test | |
test | |
test | |
Zalgo Text | |
Strings which contain "corrupted" text. The corruption will not appear in non-HTML text, however. (via http://www.eeemo.net) | |
Ṱ̺̺̕o͞ ̷i̲̬͇̪͙n̝̗͕v̟̜̘̦͟o̶̙̰̠kè͚̮̺̪̹̱̤ ̖t̝͕̳̣̻̪͞h̼͓̲̦̳̘̲e͇̣̰̦̬͎ ̢̼̻̱̘h͚͎͙̜̣̲ͅi̦̲̣̰̤v̻͍e̺̭̳̪̰-m̢iͅn̖̺̞̲̯̰d̵̼̟͙̩̼̘̳ ̞̥̱̳̭r̛̗̘e͙p͠r̼̞̻̭̗e̺̠̣͟s̘͇̳͍̝͉e͉̥̯̞̲͚̬͜ǹ̬͎͎̟̖͇̤t͍̬̤͓̼̭͘ͅi̪̱n͠g̴͉ ͏͉ͅc̬̟h͡a̫̻̯͘o̫̟̖͍̙̝͉s̗̦̲.̨̹͈̣ | |
Ṱ̺̺̕o ̷invokè͚̮̺̪̹̱̤ ̖the ̢̼̻̱̘hive-mind ̞̥̱̳̭represeǹ̬͎͎̟̖͇̤ting ͏͉ͅchaos. | |
Ṱ̺̺̕o͞ ̷i̲̬͇̪͙n̝̗͕v̟̜̘̦͟o̶̙̰̠kè͚̮̺̪̹̱̤ ̖t̝͕̳̣̻̪͞h̼͓̲̦̳̘̲e͇̣̰̦̬͎ ̢̼̻̱̘h͚͎͙̜̣̲ͅi̦̲̣̰̤v̻͍e̺̭̳̪̰-m̢iͅn̖̺̞̲̯̰d̵̼̟͙̩̼̘̳ ̞̥̱̳̭r̛̗̘e͙p͠r̼̞̻̭̗e̺̠̣͟s̘͇̳͍̝͉e͉̥̯̞̲͚̬͜ǹ̬͎͎̟̖͇̤t͍̬̤͓̼̭͘ͅi̪̱n͠g̴͉ ͏͉ͅc̬̟h͡a̫̻̯͘o̫̟̖͍̙̝͉s̗̦̲.̨̹͈̣ | |
I̗̘̦͝n͇͇͙v̮̫ok̲̫̙͈i̖͙̭̹̠̞n̡̻̮̣̺g̲͈͙̭͙̬͎ ̰t͔̦h̞̲e̢̤ ͍̬̲͖f̴̘͕̣è͖ẹ̥̩l͖͔͚i͓͚̦͠n͖͍̗͓̳̮g͍ ̨o͚̪͡f̘̣̬ ̖̘͖̟͙̮c҉͔̫͖͓͇͖ͅh̵̤̣͚͔á̗̼͕ͅo̼̣̥s̱͈̺̖̦̻͢.̛̖̞̠̫̰ | |
Invoking ̰the ͍̬̲͖fè͖ẹ̥̩ling ̨of ̖̘͖̟͙̮chá̗̼͕ͅos. | |
I̗̘̦͝n͇͇͙v̮̫ok̲̫̙͈i̖͙̭̹̠̞n̡̻̮̣̺g̲͈͙̭͙̬͎ ̰t͔̦h̞̲e̢̤ ͍̬̲͖f̴̘͕̣è͖ẹ̥̩l͖͔͚i͓͚̦͠n͖͍̗͓̳̮g͍ ̨o͚̪͡f̘̣̬ ̖̘͖̟͙̮c҉͔̫͖͓͇͖ͅh̵̤̣͚͔á̗̼͕ͅo̼̣̥s̱͈̺̖̦̻͢.̛̖̞̠̫̰ | |
Ṯ̤͍̥͇͈h̲́e͏͓̼̗̙̼̣͔ ͇̜̱̠͓͍ͅN͕͠e̗̱z̘̝̜̺͙p̤̺̹͍̯͚e̠̻̠͜r̨̤͍̺̖͔̖̖d̠̟̭̬̝͟i̦͖̩͓͔̤a̠̗̬͉̙n͚͜ ̻̞̰͚ͅh̵͉i̳̞v̢͇ḙ͎͟-҉̭̩̼͔m̤̭̫i͕͇̝̦n̗͙ḍ̟ ̯̲͕͞ǫ̟̯̰̲͙̻̝f ̪̰̰̗̖̭̘͘c̦͍̲̞͍̩̙ḥ͚a̮͎̟̙͜ơ̩̹͎s̤.̝̝ ҉Z̡̖̜͖̰̣͉̜a͖̰͙̬͡l̲̫̳͍̩g̡̟̼̱͚̞̬ͅo̗͜.̟ | |
Ṯ̤͍̥͇͈he ͇̜̱̠͓͍ͅNezperdian ̻̞̰͚ͅhivḙ͎͟-minḍ̟ ̯̲͕͞ǫ̟̯̰̲͙̻̝f ̪̰̰̗̖̭̘͘cḥ͚aơ̩̹͎s. ҉Zalgo. | |
Ṯ̤͍̥͇͈h̲́e͏͓̼̗̙̼̣͔ ͇̜̱̠͓͍ͅN͕͠e̗̱z̘̝̜̺͙p̤̺̹͍̯͚e̠̻̠͜r̨̤͍̺̖͔̖̖d̠̟̭̬̝͟i̦͖̩͓͔̤a̠̗̬͉̙n͚͜ ̻̞̰͚ͅh̵͉i̳̞v̢͇ḙ͎͟-҉̭̩̼͔m̤̭̫i͕͇̝̦n̗͙ḍ̟ ̯̲͕͞ǫ̟̯̰̲͙̻̝f ̪̰̰̗̖̭̘͘c̦͍̲̞͍̩̙ḥ͚a̮͎̟̙͜ơ̩̹͎s̤.̝̝ ҉Z̡̖̜͖̰̣͉̜a͖̰͙̬͡l̲̫̳͍̩g̡̟̼̱͚̞̬ͅo̗͜.̟ | |
H̬̤̗̤͝e͜ ̜̥̝̻͍̟́w̕h̖̯͓o̝͙̖͎̱̮ ҉̺̙̞̟͈W̷̼̭a̺̪͍į͈͕̭͙̯̜t̶̼̮s̘͙͖̕ ̠̫̠B̻͍͙͉̳ͅe̵h̵̬͇̫͙i̹͓̳̳̮͎̫̕n͟d̴̪̜̖ ̰͉̩͇͙̲͞ͅT͖̼͓̪͢h͏͓̮̻e̬̝̟ͅ ̤̹̝W͙̞̝͔͇͝ͅa͏͓͔̹̼̣l̴͔̰̤̟͔ḽ̫.͕ | |
He ̜̥̝̻͍̟́who ҉̺̙̞̟͈Waį͈͕̭͙̯̜ts ̠̫̠Behind ̰͉̩͇͙̲͞ͅThe ̤̹̝Walḽ̫. | |
H̬̤̗̤͝e͜ ̜̥̝̻͍̟́w̕h̖̯͓o̝͙̖͎̱̮ ҉̺̙̞̟͈W̷̼̭a̺̪͍į͈͕̭͙̯̜t̶̼̮s̘͙͖̕ ̠̫̠B̻͍͙͉̳ͅe̵h̵̬͇̫͙i̹͓̳̳̮͎̫̕n͟d̴̪̜̖ ̰͉̩͇͙̲͞ͅT͖̼͓̪͢h͏͓̮̻e̬̝̟ͅ ̤̹̝W͙̞̝͔͇͝ͅa͏͓͔̹̼̣l̴͔̰̤̟͔ḽ̫.͕ | |
Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮ | |
ZḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓GO | |
Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮ | |
Unicode Upsidedown | |
Strings which contain unicode with an "upsidedown" effect (via http://www.upsidedowntext.com) | |
˙ɐnbᴉlɐ ɐuƃɐɯ ǝɹolop ʇǝ ǝɹoqɐl ʇn ʇunpᴉpᴉɔuᴉ ɹodɯǝʇ poɯsnᴉǝ op pǝs 'ʇᴉlǝ ƃuᴉɔsᴉdᴉpɐ ɹnʇǝʇɔǝsuoɔ 'ʇǝɯɐ ʇᴉs ɹolop ɯnsdᴉ ɯǝɹo˥ | |
˙ɐnbᴉlɐ ɐuƃɐɯ ǝɹolop ʇǝ ǝɹoqɐl ʇn ʇunpᴉpᴉɔuᴉ ɹodɯǝʇ poɯsnᴉǝ op pǝs 'ʇᴉlǝ ƃuᴉɔsᴉdᴉpɐ ɹnʇǝʇɔǝsuoɔ 'ʇǝɯɐ ʇᴉs ɹolop ɯnsdᴉ ɯǝɹo˥ | |
˙ɐnbᴉlɐ ɐuƃɐɯ ǝɹolop ʇǝ ǝɹoqɐl ʇn ʇunpᴉpᴉɔuᴉ ɹodɯǝʇ poɯsnᴉǝ op pǝs 'ʇᴉlǝ ƃuᴉɔsᴉdᴉpɐ ɹnʇǝʇɔǝsuoɔ 'ʇǝɯɐ ʇᴉs ɹolop ɯnsdᴉ ɯǝɹo˥ | |
00˙Ɩ$- | |
00˙Ɩ$- | |
00˙Ɩ$- | |
Unicode font | |
Strings which contain bold/italic/etc. versions of normal characters | |
The quick brown fox jumps over the lazy dog | |
The quick brown fox jumps over the lazy dog | |
The quick brown fox jumps over the lazy dog | |
𝐓𝐡𝐞 𝐪𝐮𝐢𝐜𝐤 𝐛𝐫𝐨𝐰𝐧 𝐟𝐨𝐱 𝐣𝐮𝐦𝐩𝐬 𝐨𝐯𝐞𝐫 𝐭𝐡𝐞 𝐥𝐚𝐳𝐲 𝐝𝐨𝐠 | |
𝐓𝐡𝐞 𝐪𝐮𝐢𝐜𝐤 𝐛𝐫𝐨𝐰𝐧 𝐟𝐨𝐱 𝐣𝐮𝐦𝐩𝐬 𝐨𝐯𝐞𝐫 𝐭𝐡𝐞 𝐥𝐚𝐳𝐲 𝐝𝐨𝐠 | |
𝐓𝐡𝐞 𝐪𝐮𝐢𝐜𝐤 𝐛𝐫𝐨𝐰𝐧 𝐟𝐨𝐱 𝐣𝐮𝐦𝐩𝐬 𝐨𝐯𝐞𝐫 𝐭𝐡𝐞 𝐥𝐚𝐳𝐲 𝐝𝐨𝐠 | |
𝕿𝖍𝖊 𝖖𝖚𝖎𝖈𝖐 𝖇𝖗𝖔𝖜𝖓 𝖋𝖔𝖝 𝖏𝖚𝖒𝖕𝖘 𝖔𝖛𝖊𝖗 𝖙𝖍𝖊 𝖑𝖆𝖟𝖞 𝖉𝖔𝖌 | |
𝕿𝖍𝖊 𝖖𝖚𝖎𝖈𝖐 𝖇𝖗𝖔𝖜𝖓 𝖋𝖔𝖝 𝖏𝖚𝖒𝖕𝖘 𝖔𝖛𝖊𝖗 𝖙𝖍𝖊 𝖑𝖆𝖟𝖞 𝖉𝖔𝖌 | |
𝕿𝖍𝖊 𝖖𝖚𝖎𝖈𝖐 𝖇𝖗𝖔𝖜𝖓 𝖋𝖔𝖝 𝖏𝖚𝖒𝖕𝖘 𝖔𝖛𝖊𝖗 𝖙𝖍𝖊 𝖑𝖆𝖟𝖞 𝖉𝖔𝖌 | |
𝑻𝒉𝒆 𝒒𝒖𝒊𝒄𝒌 𝒃𝒓𝒐𝒘𝒏 𝒇𝒐𝒙 𝒋𝒖𝒎𝒑𝒔 𝒐𝒗𝒆𝒓 𝒕𝒉𝒆 𝒍𝒂𝒛𝒚 𝒅𝒐𝒈 | |
𝑻𝒉𝒆 𝒒𝒖𝒊𝒄𝒌 𝒃𝒓𝒐𝒘𝒏 𝒇𝒐𝒙 𝒋𝒖𝒎𝒑𝒔 𝒐𝒗𝒆𝒓 𝒕𝒉𝒆 𝒍𝒂𝒛𝒚 𝒅𝒐𝒈 | |
𝑻𝒉𝒆 𝒒𝒖𝒊𝒄𝒌 𝒃𝒓𝒐𝒘𝒏 𝒇𝒐𝒙 𝒋𝒖𝒎𝒑𝒔 𝒐𝒗𝒆𝒓 𝒕𝒉𝒆 𝒍𝒂𝒛𝒚 𝒅𝒐𝒈 | |
𝓣𝓱𝓮 𝓺𝓾𝓲𝓬𝓴 𝓫𝓻𝓸𝔀𝓷 𝓯𝓸𝔁 𝓳𝓾𝓶𝓹𝓼 𝓸𝓿𝓮𝓻 𝓽𝓱𝓮 𝓵𝓪𝔃𝔂 𝓭𝓸𝓰 | |
𝓣𝓱𝓮 𝓺𝓾𝓲𝓬𝓴 𝓫𝓻𝓸𝔀𝓷 𝓯𝓸𝔁 𝓳𝓾𝓶𝓹𝓼 𝓸𝓿𝓮𝓻 𝓽𝓱𝓮 𝓵𝓪𝔃𝔂 𝓭𝓸𝓰 | |
𝓣𝓱𝓮 𝓺𝓾𝓲𝓬𝓴 𝓫𝓻𝓸𝔀𝓷 𝓯𝓸𝔁 𝓳𝓾𝓶𝓹𝓼 𝓸𝓿𝓮𝓻 𝓽𝓱𝓮 𝓵𝓪𝔃𝔂 𝓭𝓸𝓰 | |
𝕋𝕙𝕖 𝕢𝕦𝕚𝕔𝕜 𝕓𝕣𝕠𝕨𝕟 𝕗𝕠𝕩 𝕛𝕦𝕞𝕡𝕤 𝕠𝕧𝕖𝕣 𝕥𝕙𝕖 𝕝𝕒𝕫𝕪 𝕕𝕠𝕘 | |
𝕋𝕙𝕖 𝕢𝕦𝕚𝕔𝕜 𝕓𝕣𝕠𝕨𝕟 𝕗𝕠𝕩 𝕛𝕦𝕞𝕡𝕤 𝕠𝕧𝕖𝕣 𝕥𝕙𝕖 𝕝𝕒𝕫𝕪 𝕕𝕠𝕘 | |
𝕋𝕙𝕖 𝕢𝕦𝕚𝕔𝕜 𝕓𝕣𝕠𝕨𝕟 𝕗𝕠𝕩 𝕛𝕦𝕞𝕡𝕤 𝕠𝕧𝕖𝕣 𝕥𝕙𝕖 𝕝𝕒𝕫𝕪 𝕕𝕠𝕘 | |
𝚃𝚑𝚎 𝚚𝚞𝚒𝚌𝚔 𝚋𝚛𝚘𝚠𝚗 𝚏𝚘𝚡 𝚓𝚞𝚖𝚙𝚜 𝚘𝚟𝚎𝚛 𝚝𝚑𝚎 𝚕𝚊𝚣𝚢 𝚍𝚘𝚐 | |
𝚃𝚑𝚎 𝚚𝚞𝚒𝚌𝚔 𝚋𝚛𝚘𝚠𝚗 𝚏𝚘𝚡 𝚓𝚞𝚖𝚙𝚜 𝚘𝚟𝚎𝚛 𝚝𝚑𝚎 𝚕𝚊𝚣𝚢 𝚍𝚘𝚐 | |
𝚃𝚑𝚎 𝚚𝚞𝚒𝚌𝚔 𝚋𝚛𝚘𝚠𝚗 𝚏𝚘𝚡 𝚓𝚞𝚖𝚙𝚜 𝚘𝚟𝚎𝚛 𝚝𝚑𝚎 𝚕𝚊𝚣𝚢 𝚍𝚘𝚐 | |
⒯⒣⒠ ⒬⒰⒤⒞⒦ ⒝⒭⒪⒲⒩ ⒡⒪⒳ ⒥⒰⒨⒫⒮ ⒪⒱⒠⒭ ⒯⒣⒠ ⒧⒜⒵⒴ ⒟⒪⒢ | |
⒯⒣⒠ ⒬⒰⒤⒞⒦ ⒝⒭⒪⒲⒩ ⒡⒪⒳ ⒥⒰⒨⒫⒮ ⒪⒱⒠⒭ ⒯⒣⒠ ⒧⒜⒵⒴ ⒟⒪⒢ | |
⒯⒣⒠ ⒬⒰⒤⒞⒦ ⒝⒭⒪⒲⒩ ⒡⒪⒳ ⒥⒰⒨⒫⒮ ⒪⒱⒠⒭ ⒯⒣⒠ ⒧⒜⒵⒴ ⒟⒪⒢ | |
Command Injection (Ruby) | |
Strings which can call system commands within Ruby/Rails applications | |
eval("puts 'hello world'") | |
eval("puts 'hello world'") | |
eval("puts 'hello world'") | |
System("ls -al /") | |
System("ls -al /") | |
System("ls -al /") | |
`ls -al /` | |
`ls -al /` | |
`ls -al /` | |
Kernel.exec("ls -al /") | |
Kernel.exec("ls -al /") | |
Kernel.exec("ls -al /") | |
Kernel.exit(1) | |
Kernel.exit(1) | |
Kernel.exit(1) | |
%x('ls -al /') | |
%x('ls -al /') | |
%x('ls -al /') | |
Unwanted Interpolation | |
Strings which can be accidentally expanded into different strings if evaluated in the wrong context, e.g. used as a printf format string or via Perl or shell eval. Might expose sensitive data from the program doing the interpolation, or might just represent the wrong string. | |
$HOME | |
$HOME | |
$HOME | |
$ENV{'HOME'} | |
$ENV{'HOME'} | |
$ENV{'HOME'} | |
%d | |
%d | |
%d | |
%s | |
%s | |
%s | |
{0} | |
{0} | |
{0} | |
%*.*s | |
%*.*s | |
%*.*s | |
Known CVEs and Vulnerabilities | |
Strings that test for known vulnerabilities | |
() { 0; }; touch /tmp/blns.shellshock1.fail; | |
() { 0; }; touch /tmp/blns.shellshock1.fail; | |
() { 0; }; touch /tmp/blns.shellshock1.fail; | |
() { _; } >_[$($())] { touch /tmp/blns.shellshock2.fail; } | |
() { _; } >_[$($())] { touch /tmp/blns.shellshock2.fail; } | |
() { _; } >_[$($())] { touch /tmp/blns.shellshock2.fail; } | |
<<< %s(un='%s') = %u | |
<<< %s(un='%s') = %u | |
<<< %s(un='%s') = %u | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment