From 637a06c7bfcee6a27c0d4bdeceb18f2098e76301 Mon Sep 17 00:00:00 2001
From: Joseph Lennox
Date: Mon, 10 Aug 2015 13:46:53 -0700
Subject: [PATCH 1/4] Add numbers to detect poor decimal validation.

Add non-numeric Number types to detect poorly handled JavaScript validation.
---
 blns.txt | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/blns.txt b/blns.txt
index 64c27cf..da96b75 100644
--- a/blns.txt
+++ b/blns.txt
@@ -26,7 +26,13 @@ $1.00
 1/0
 0/0
 0.00
+0..0
+.
+0.0.0
 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
+NaN
+Infinity
+-Infinity
 
 # Special Characters
 #

From aed81403bc3e4fee5474fb909c4dc51ade4edf94 Mon Sep 17 00:00:00 2001
From: Joseph Lennox
Date: Mon, 10 Aug 2015 13:48:01 -0700
Subject: [PATCH 2/4] Add backtick special character list because IE7 allows it as attribute quotes.

Add basic attribute escapes to XSS list.
---
 blns.txt | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/blns.txt b/blns.txt
index da96b75..f9ae5dd 100644
--- a/blns.txt
+++ b/blns.txt
@@ -40,7 +40,7 @@ Infinity
 ,./;'[]\-=
 <>?:"{}|_+
-!@#$%^&*()
+!@#$%^&*()`
 
 # Unicode Symbols
 #
@@ -177,6 +177,10 @@ Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮
+">
+>
+'>
+">
 
 # SQL Injection
 #

From dac244a7cc3079ea13c395013f0552bc786b5aaa Mon Sep 17 00:00:00 2001
From: Joseph Lennox
Date: Mon, 10 Aug 2015 13:57:51 -0700
Subject: [PATCH 3/4] Add numbers to detect poor decimal validation -- European decimal format.

---
 blns.txt | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/blns.txt b/blns.txt
index f9ae5dd..872f75d 100644
--- a/blns.txt
+++ b/blns.txt
@@ -29,6 +29,10 @@ $1.00
 0..0
 .
 0.0.0
+0,00
+0,,0
+,
+0,0,0
 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
 NaN
 Infinity

From 746eab6d76fc8fbf80afc53101be989a1c241ecc Mon Sep 17 00:00:00 2001
From: Joseph Lennox
Date: Mon, 10 Aug 2015 13:59:06 -0700
Subject: [PATCH 4/4] Remove duplicated XSS.

---
 blns.txt | 1 -
 1 file changed, 1 deletion(-)
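Review bot: In the `@@ -40,7 +40,7 @@` hunk of PATCH 2/4 the backtick is appended to the existing `!@#$%^&*()` entry rather than added as a new line, so the original punctuation-only string leaves the list and any test suite that keys on that exact entry silently changes its input; keeping `!@#$%^&*()` and adding a separate line containing the backtick would preserve both cases, which also matches the "Add backtick" wording of the subject. In the `@@ -177,6 +177,10 @@` hunk the four added attribute-escape entries appear truncated in this rendering (only `">`, `>`, `'>`, `">` survive), so the payload after the closing quote cannot be checked here and the intended distinction between the first and fourth entry is not visible. The commit body for PATCH 1/4 names JavaScript as the target of `NaN`/`Infinity`/`-Infinity`; a one-line comment in the file's existing `#` header style noting that these spellings are JavaScript-specific would help consumers testing other runtimes interpret a pass or fail.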
diff --git a/blns.txt b/blns.txt
index 872f75d..b13a9c8 100644
--- a/blns.txt
+++ b/blns.txt
@@ -184,7 +184,6 @@ Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮
 ">
 >
 '>
-">
 
 # SQL Injection
 #