A Test String to Break Stuff | The Difficult Bit

I use this string both in unit tests and when testing an application directly:

Z<XD> & кот' <b>£</b>{a}

Analysis:

“Z”: starts with a normal letter.
“<XD>”: this is not a well-formed XHTML/XML element as it is not closed.
“&”: will blow up XML parsing as it is not escaped.
“кот” Russian characters that will not display correctly if Unicode is not handled properly.
“‘” single quote will break SQL if injected into a SQL statement.
“<b>£</b>” will display a bold character if used as HTML and not escaped correctly.
“{a}” will cause exception if string is used as the target of a string format.