[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-808":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":15,"stars7d":16,"stars30d":17,"stars90d":15,"forks30d":15,"starsTrendScore":18,"compositeScore":19,"rankGlobal":9,"rankLanguage":9,"license":20,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":23,"hasPages":21,"topics":24,"createdAt":9,"pushedAt":9,"updatedAt":25,"readmeContent":26,"aiSummary":27,"trendingCount":15,"starSnapshotCount":15,"syncStatus":28,"lastSyncTime":29,"discoverSource":30},808,"big-list-of-naughty-strings","minimaxir\u002Fbig-list-of-naughty-strings","minimaxir","The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.",null,"Python",47671,2163,837,69,0,17,57,6,45,"MIT License",false,"master",true,[],"2026-06-12 02:00:19","# Big List of Naughty Strings\nThe Big List of Naughty Strings is an evolving list of strings which have a high probability of causing issues when used as user-input data. This is intended for use in helping both automated and manual QA testing; useful for whenever your QA engineer [walks into a bar](http:\u002F\u002Fwww.sempf.net\u002Fpost\u002FOn-Testing1).\n\n## Why Test Naughty Strings?\n\nEven multi-billion dollar companies with huge amounts of automated testing can't find every bad input. 
For example, look at what happens when you try to Tweet a [zero-width space](https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FZero-width_space) (U+200B) on Twitter:\n\n![](http:\u002F\u002Fi.imgur.com\u002FHyDg2eV.gif)\n\nAlthough this is not a malicious error, and typical users aren't Tweeting weird unicode, an \"internal server error\" for unexpected input is never a positive experience for the user, and may in fact be a symptom of deeper string-validation issues. The Big List of Naughty Strings is intended to help reveal such issues.\n\n## Usage\n\n`blns.txt` consists of newline-delimited strings and comments which are preceded with `#`. The comments divide the strings into sections for easy manual reading and copy\u002Fpasting into input forms. For those who want to access the strings programmatically, a `blns.json` file is provided containing an array with all the comments stripped out (the `scripts` folder contains a Python script used to generate the `blns.json`).\n\n## Contributions\n\nFeel free to send a pull request to add more strings, or additional sections. However, please do not send pull requests with very-long strings (255+ characters), as that makes the list much more difficult to view.\n\nLikewise, please do not send pull requests which compromise *manual usability of the file*. This includes the [EICAR test string](https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FEICAR_test_file), which can cause the file to be flagged by antivirus scanners, and files which alter the encoding of `blns.txt`. Also, do not send a null character (U+0000) string, as it [changes the file format on GitHub to binary](http:\u002F\u002Fstackoverflow.com\u002Fa\u002F19723302) and renders it unreadable in pull requests. Finally, when adding or removing a string please update all files when you perform a pull request.\n\n## Disclaimer\n\nThe Big List of Naughty Strings is intended to be used *for software you own and manage*. 
Some of the Naughty Strings can indicate security vulnerabilities, and as a result using such strings with third-party software may be a crime. The maintainer is not responsible for any negative actions that result from the use of the list.\n\nAdditionally, the Big List of Naughty Strings is not a fully-comprehensive substitute for formal security\u002Fpenetration testing for your service.\n\n## Library \u002F Packages\n\nVarious implementations of the Big List of Naughty Strings have made it to various package managers.  Those are maintained by outside parties, but can be found here:\n\n| Library | Link |\n| ------- | ---- |\n| Node | https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fblns |\n| Node | https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fbig-list-of-naughty-strings |\n| .NET | https:\u002F\u002Fgithub.com\u002FSimonCropp\u002FNaughtyStrings |\n| PHP | https:\u002F\u002Fgithub.com\u002Fmattsparks\u002Fblns-php |\n| C++  | https:\u002F\u002Fgithub.com\u002Feliabieri\u002Fblnscpp |\n\nPlease open a PR to list others.\n\n## Maintainer\u002FCreator\n\nMax Woolf ([@minimaxir](https:\u002F\u002Ftwitter.com\u002Fminimaxir))\n\n## Social Media Discussions\n\n* June 10, 2015 [Hacker News]: [Show HN: Big List of Naughty Strings for testing user-input data](https:\u002F\u002Fnews.ycombinator.com\u002Fitem?id=10035008)\n* August 17, 2015 [Reddit]: [Big list of naughty strings.](https:\u002F\u002Fwww.reddit.com\u002Fr\u002Fprogramming\u002Fcomments\u002F3hdxqx\u002Fbig_list_of_naughty_strings\u002F)\n* February 9, 2016 [Reddit]: [Big List of Naughty Strings](https:\u002F\u002Fwww.reddit.com\u002Fr\u002Fwebdev\u002Fcomments\u002F44wc5b\u002Fbig_list_of_naughty_strings\u002F)\n* January 15, 2017 [Hacker News]: [Naughty Strings: A list of strings likely to cause issues as user-input data](https:\u002F\u002Fnews.ycombinator.com\u002Fitem?id=13406119)\n* January 16, 2017 [Reddit]: [Naughty Strings: A list of strings likely to cause issues as user-input 
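data](https:\u002F\u002Fwww.reddit.com\u002Fr\u002Fprogramming\u002Fcomments\u002F5o9inb\u002Fnaughty_strings_a_list_of_strings_likely_to_cause\u002F)\n* November 16, 2018 [Hacker News]: [Big List of Naughty Strings](https:\u002F\u002Fnews.ycombinator.com\u002Fitem?id=18466787)\n* November 16, 2018 [Reddit]: [Naughty Strings - A list of strings which have a high probability of causing issues when used as user-input data](https:\u002F\u002Fwww.reddit.com\u002Fr\u002Fprogramming\u002Fcomments\u002F9xla2j\u002Fnaughty_strings_a_list_of_strings_which_have_a\u002F)\n\n## License\n\nMIT\n","Big List of Naughty Strings is a list of strings with a high probability of causing problems, especially when used as user-input data. The project provides a continuously updated collection of strings intended to help automated and manual quality-assurance testing uncover potential string-validation issues. These strings include, but are not limited to, special Unicode characters such as the zero-width space, and can effectively reveal how well software handles abnormal input. It is suitable for any application scenario that needs stronger input-validation security and stability, such as web applications, mobile applications and back-end services. The project supports the Python language and is released under the MIT License; it encourages community contributions of new strings or categories, subject to certain contribution guidelines that keep the file easy to use.",2,"2026-06-11 02:39:28","top_all"]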