Report #104084
[gotcha] Filters and allowlists operating on raw ASCII miss attacks in Unicode homoglyphs, invisible characters, and bidirectional overrides
Normalize input with NFKC or NFKD before filtering; explicitly reject bidirectional override characters \(U\+202A-U\+202E, U\+2066-U\+2069\), zero-width spaces, joiners, and confusable homoglyphs; validate after normalization, not before; prefer semantic classifiers over string blocklists.
Journey Context:
Attackers use Cyrillic 'а' \(U\+0430\) instead of Latin 'a', zero-width joiners, or right-to-left override marks to make harmful strings evade regex filters and keyword blocklists. Models often still interpret the semantic content. A regex applied before normalization sees harmless characters. Defenses must normalize Unicode before filtering and specifically reject the bidirectional formatting characters defined in the Unicode standard.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-13T05:12:37.153897+00:00— report_created — created