The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

Overview

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

I have put together these strings to create Naughty Keyboard – a very simple iOS app that gives you access to a custom keyboard to use these strings to test your application.

Instructions

Clone the app, run it from Xcode then activate the keyboard. I'm pretty sure Apple wouldn't allow me to put this on the App Store.

Setting up AppGroup

This project comes with a syncing mechanism to be able to be up-to-date with the latest strings from the Big List of Naughty Strings.

The way this project is structured is by using App Groups and sharing the UserDefaults instance across the extension and the main app as well as the synced file with the naughty strings.

In order to do this there's a couple of things that need to be done before compiling and running the project:

  1. Set the project’s bundle identifier prefix.
  2. Select your development team.
  3. Create provisioning profiles.

1. Set the Project’s Bundle Identifier Prefix

Open app Xcode, select NaughtyStrings project -> Build Settings and change the User Defined value NAUGHTYSTRINGS_BUNDLE_PREFIX to a globally unique reverse DNS string for your own organization’s name.

2. Select Your Development Team

Select your paid iOS Developer Program account as the development team for each of the four targets below:

  • NaughtyStrings
  • NaughtyKeyboard
  • NaughtyStringsProxy

3. Create Provisioning Profiles

Create a provisioning profile for each of the three targets below:

  • NaughtyStrings
  • NaughtyKeyboard
  • NaughtyStringsProxy

Xcode helps you to create these provisioning profiles. First, select the NaughtyStrings project in Xcode's project navigator. Then, for each of the three targets listed above:

  1. Select the target in the Targets list.
  2. Select the General tab in the right-hand pane.
  3. In the Identity section, under the Team popup menu, click Fix Issue.
  4. Xcode will download a new provisioning profile for that target. (This process may take up to 30 seconds per target.)

Disclaimer

The Big List of Naughty Strings (and this keyboard) is intended to be used for software you own and manage. Some of the Naughty Strings can indicate security vulnerabilies, and as a result using such strings with third-party software may be a crime. The maintainer is not responsible for any negative actions that result from the use of the list.

Maintainer

License

NaughtyKeyboard may be freely distributed under the MIT License. See the LICENSE file.

The application icon is based on icons Tyler Glaude and Herbert Spencer from The Noun Project. Used under a Creative Commons BY 3.0 license.

You might also like...
This is a simple test app getting data from network to practice a tad bit.

test This is a simple test app getting data from network to practice a tad bit. Start Nothing fancy, no CocoaPods, just clone and run! Architecture Ju

Creation of data model easily, with no headache.

DataFixture Create data models easily, with no headache. DataFixture is a convenient way to generate new data for testing / seeding your Realm Databas

An extremely simple CLI tool that was created to diagnose and further understand an issue in DriverKit causing kIOHIDOptionsTypeSeizeDevice to behave incorrectly when used in DriverKit system extensions.

IOKitHIDKeyboardTester This tool is NOT useful to, or intended for general users. IOKitHIDKeyboardTester is an extremely simple (one-file!) CLI tool t

Assertions for XCTest which prevent fatal errors causing the process to die.

Hela Assertions for XCTest which prevent fatal errors causing the process to die. The following assertions are supported. These functions are built on

Registre-aqui - Mobile Application that displays infrastructure issues that your city may have
Registre-aqui - Mobile Application that displays infrastructure issues that your city may have

Registre Aqui About | Features | Technologies | Requirements About Mobile Applic

Input Mask is an Android & iOS native library allowing to format user input on the fly.
Input Mask is an Android & iOS native library allowing to format user input on the fly.

Migration Guide: v.6 This update brings breaking changes. Namely, the autocomplete flag is now a part of the CaretGravity enum, thus the Mask::apply c

Input Validation Done Right. A Swift DSL for Validating User Input using Allow/Deny Rules
Input Validation Done Right. A Swift DSL for Validating User Input using Allow/Deny Rules

Valid Input Validation Done Right. Have you ever struggled with a website with strange password requirements. Especially those crazy weird ones where

A menu bar app to change input source swiftly using shortcuts on macOS Big Sur or later.

Source Switcher A menu bar app to change input sources swiftly using shortcuts on macOS Big Sur and later. View screenshots Introduction This app uses

A Swift probability and statistics library

Probably Probably is a set of Swift structures for computing the probability and cumulative distributions of different probablistic functions. Right n

A Swift package for working with probability-driven randomness

ControlledChaos ControlledChaos is a simple Swift package for working with proba

Custom UIView class that hosts an array of UIbuttons that have an 'underline' UIView beneath them which moves from button to button when the user presses on them.
Custom UIView class that hosts an array of UIbuttons that have an 'underline' UIView beneath them which moves from button to button when the user presses on them.

Swift-Underlined-Button-Bar Custom UIView class that hosts an array of UIbuttons that have an 'underline' UIView beneath them which moves from button

An auto-layout base UITextView subclass which automatically grows with user input and can be constrained by maximal and minimal height - all without a single line of code

Deprecated This library is no longer maintained and is deprecated. The repository might be removed at any point in the future. MBAutoGrowingTextView A

JSONHelper - ✌ Convert anything into anything in one operation; JSON data into class instances, hex strings into UIColor/NSColor, y/n strings to booleans, arrays and dictionaries of these; anything you can make sense of!

JSONHelper Convert anything into anything in one operation; hex strings into UIColor/NSColor, JSON strings into class instances, y/n strings to boolea

The Big Nerd Ranch Core Data Stack
The Big Nerd Ranch Core Data Stack

BNR Core Data Stack The BNR Core Data Stack is a small Swift framework that makes it both easier and safer to use Core Data. A better fetched results

NewsApp - MVVM pattern have been used
NewsApp - MVVM pattern have been used

NewsApp MVVM pattern have been used. All features are working properly as suppose to. Alamofire, Kingfisher, lottie-ios and IQKeyboardManagerSwift pod

WKZombie is a Swift framework for iOS/OSX to navigate within websites and collect data without the need of User Interface or API, also known as Headless browser. It can be used to run automated tests / snapshots and manipulate websites using Javascript.
Creates WordCloud type graph from a string or array of strings input.

CPTWordCloud Example To run the example project, clone the repo, and run pod install from the Example directory first. Requirements Installation CPTWo

Swift library that makes easier to serialize the user's preferences (app's settings) with system User Defaults or Property List file on disk.

PersistentStorageSerializable PersistentStorageSerializable is a protocol for automatic serialization and deserialization of Swift class, struct or NS

Codeless drop-in universal library allows to prevent issues of keyboard sliding up and cover UITextField/UITextView. Neither need to write any code nor any setup required and much more.
Codeless drop-in universal library allows to prevent issues of keyboard sliding up and cover UITextField/UITextView. Neither need to write any code nor any setup required and much more.

IQKeyboardManager While developing iOS apps, we often run into issues where the iPhone keyboard slides up and covers the UITextField/UITextView. IQKey

Comments
  • Synching capabilities

    Synching capabilities

    Fix #2

    Done:

    • App check against master of «Big List of Naughty Strings»
    • If newer version is detected the file is downloaded
    • Migrated to Swift 2.0

    TODO:

    • [x] Save the downloaded file to disk
    • [x] Create App Group to have a shared sandbox
    • [x] Make the keyboard read from the shared sandbox
    • [x] Add instructions on setting up the AppGroup configuration in the README
    opened by esttorhe 15
  • [Feature Request] Sync word list from here.

    [Feature Request] Sync word list from here.

    Would be interesting if the app had some sort of sync mechanism to download the latest version from the repo.

    This way people could PR new «naughty» strings and testers could easily and fairly quickly update the list without having to re-deploy the keyboard to their devices.

    PS. I haven't looked at the current implementation; meaning I don't know if the keyboard already supports this. PS2. If not I'll try to submit a PR with this behavior later this week

    :bow:

    opened by esttorhe 3
  • Add application icon

    Add application icon

    I created an icon for NaughtyKeyboard, if you are interested:

    It was created using icons from The Noun Project and the iOS 8 icon template from AppIconTemplates. I've also included the license and credits in your README.md.


    This is what the icon looks like in different contexts:

    opened by ebelair 1
  • Add new line characters U+2028 & U+2029

    Add new line characters U+2028 & U+2029

    The unicode standard defines two new line characters to disambiguate between a line separator for formatting purposes or a new paragraph. (See section 5.8. http://www.unicode.org/versions/Unicode6.0.0/ch05.pdf).

    There is really poor support for it and I have even seen some crashes & exceptions caused by these characters. They are also semi-common in the wild. Some spreadsheet software spits these out when you type shift-enter.

    Would these be good candidates for 'Naughty strings'? (sorry if they are there already)

    opened by rsaunders100 0
Owner
Romain Pouclet
Developer Relations Engineer @ Buddybuild.com
Romain Pouclet
Test-To-Do-List - Test To Do List with core data

test-To-Do-List This is my first pet project with core data Launch screen Main s

Artem 0 Feb 26, 2022
Detailed explanations and implementations of various maths concepts for writing high performance code/algorithms backed with Unit tests.

Detailed explanations and implementations of various maths concepts which can help software Engineers write high performance code/algorithms backed with Unit tests.

Mussa Charles 2 Sep 25, 2022
Tapper - simple app for iOS and iPadOS allows a user to tap a button as many times as possible in 20 seconds

Tapper Table of Contents Description Screenshots Installation Usage Code Contact

Geoff Johnson 0 Mar 12, 2022
Write unit tests which test the layout of a view in multiple configurations

Overview This library enables you to write unit tests which test the layout of a view in multiple configurations. It tests the view with different dat

LinkedIn 565 Nov 16, 2022
Bank-Test - MVVM List-Details App using combine

Bank-Test MVVM List-Details App using combine Pods used in this Task Moya with A

Ahmed Allam 0 Jan 1, 2022
Displays list of Marvel Characters for iOS

Marvel Features: Displays list of Marvel Characters Displays detail of selected Marvel Character. Screenshots of application: Installation: Dependecie

null 0 Jan 17, 2022
This is a Swift port of Ruby's Faker library that generates fake data.

This is a Swift port of Ruby's Faker library that generates fake data. Are you still bothered with meaningless randomly character strings? Just relax

Vadym Markov 1.6k Jan 3, 2023
Stub your network requests easily! Test your apps with fake network data and custom response time, response code and headers!

OHHTTPStubs OHHTTPStubs is a library designed to stub your network requests very easily. It can help you: test your apps with fake network data (stubb

Olivier Halligon 4.9k Dec 29, 2022
SwiftCheck is a testing library that automatically generates random data for testing of program properties

SwiftCheck QuickCheck for Swift. For those already familiar with the Haskell library, check out the source. For everybody else, see the Tutorial Playg

TypeLift 1.4k Dec 21, 2022
AutoMocker is a Swift framework that leverages the type system to let you easily create mocked instances of your data types.

AutoMocker Context AutoMocker is a Swift framework that leverages the type system to let you easily create mocked instances of your data types. Here's

Vincent Pradeilles 39 May 19, 2022