From aed81403bc3e4fee5474fb909c4dc51ade4edf94 Mon Sep 17 00:00:00 2001
From: Joseph Lennox <jlennox@gmail.com>
Date: Mon, 10 Aug 2015 13:48:01 -0700
Subject: [PATCH] Add backtick special character list because IE7 allows it as
 attribute quotes. Add basic attribute escapes to XSS list.

---
 blns.txt | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/blns.txt b/blns.txt
index da96b75..f9ae5dd 100644
--- a/blns.txt
+++ b/blns.txt
@@ -40,7 +40,7 @@ Infinity
 
 ,./;'[]\-=
 <>?:"{}|_+
-!@#$%^&*()
+!@#$%^&*()`
 
 #	Unicode Symbols
 #
@@ -177,6 +177,10 @@ Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮
 <script>alert('hi')</script>
 <img src=x onerror=alert('hi') />
 <svg><script>0<1>alert('XSS')</script> 
+"><script>alert(document.title)</script>
+><script>alert(document.title)</script>
+'><script>alert(document.title)</script>
+"><script>alert(document.title)</script>
 
 #	SQL Injection
 #