Download
The Big List of Naughty Strings is a community-maintained catalog of “gotcha” inputs that commonly break software, from unusual Unicode to SQL and script injection payloads. It exists so developers and QA engineers can easily test edge cases that normal test data would miss, such as zero-width characters, right-to-left marks, emojis, foreign alphabets, and long or malformed strings. By throwing these strings at forms, APIs, databases, and UIs, teams can discover encoding bugs, sanitizer gaps, rendering issues, and security oversights early. The list is language-agnostic and repository-friendly, meaning you can consume it from CI pipelines or local scripts with minimal setup. Because it’s crowdsourced, it reflects real issues practitioners have faced in production, not just theoretical cases. Using the list regularly helps harden applications against the fragile edges of text processing and user input.
Features
- Extensive corpus of edge-case strings for stress-testing inputs
- Coverage of Unicode oddities, control characters, emojis, and RTL/LTR markers
- Inclusion of security-relevant payloads for SQL/XSS and similar vectors
- Simple, language-agnostic file formats for easy automation
- Useful in CI pipelines, fuzzing jobs, and manual exploratory testing
- Community-driven updates that track real production pitfalls
Project Samples
