minimaxir/big-list-of-naughty-strings

The Big List of Naughty Strings is a curated collection of text strings specifically chosen because they are likely to cause bugs, crashes, or unexpected behavior when a program uses them as user input. The problem it solves is that developers often test their applications with normal, well-behaved input but forget to check what happens with unusual or edge-case text. Real users, and especially malicious ones, can submit things like empty strings, strings containing only spaces, very long strings, strings with special Unicode characters, strings that look like code injections, strings in right-to-left languages, strings with null bytes, and strings that have historically tripped up databases or web applications. The project provides a plain text file called blns.txt where each line is one of these problematic strings, organized into labeled categories. There is also a JSON version for loading the list programmatically in your own test scripts. A small Python helper script generates the JSON from the text file. Third-party packages for Node.js.NET, PHP, and C++ let you import the list directly into automated test suites without copying files manually. You would use this when building any application that accepts text input from users, a sign-up form, a search box, a comment field, a file upload field, a chat app, and you want to stress-test it against the kinds of inputs that commonly break software. QA engineers paste these strings into forms during manual testing, and automated test suites loop through the JSON file to catch regressions. The list is language-agnostic; the strings are the test data, and your application under test handles them in whatever language it is written in.