🔍 Problem Description
Considering that some users might send invisible Unicode characters (e.g., \u200B, \u200D), this could lead to security bypasses, UI glitches, or even prompt injection threats.
As highlighted in this technical analysis:
🔗 Invisible Unicode Threats - Promptfoo
💡 Proposed Features
- Zero-width Filtering: Automatically strip invisible characters from user input to maintain data integrity.
- Character Limit Restriction: Add an option to set a hard limit on input length to prevent buffer-related issues or spam.
🛠️ Technical Implementation Idea
We can use a regex to sanitize the input strings before processing:
// Example Regex to strip common invisible threats
const cleanText = input.replace(/[\u200b-\u200d\uFEFF\u202a-\u202e]/g, "");
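A fuller version of the two proposed features (zero-width filtering and the hard length limit), as an added example that is not part of the original issue or the project's code. The names `sanitizeInput`, `INVISIBLE` and `maxLength` are hypothetical, and the character class extends the regex above with U+2060 and the tag block U+E0000-U+E007F, which also render as nothing.

```javascript
// Added example; sanitizeInput, INVISIBLE and maxLength are hypothetical names.
// Ranges from the regex above, plus U+2060 (word joiner) and the Unicode
// tag block U+E0000-U+E007F (an assumption added here, not from the issue).
const INVISIBLE = /[\u200B-\u200D\uFEFF\u202A-\u202E\u2060\u{E0000}-\u{E007F}]/gu;

function sanitizeInput(input, { maxLength = 2000 } = {}) {
  if (typeof input !== "string") {
    return { ok: false, text: "", removed: [], reason: "not-a-string" };
  }
  // Record every stripped character so the event can be logged or alerted on,
  // instead of silently discarding evidence of an injection attempt.
  const removed = [];
  const text = input.replace(INVISIBLE, (ch, offset) => {
    const hex = ch.codePointAt(0).toString(16).toUpperCase().padStart(4, "0");
    removed.push({ offset, codePoint: "U+" + hex });
    return "";
  });
  // Enforce the limit on the cleaned text, counted in code points rather
  // than UTF-16 units, so an astral character such as an emoji counts once.
  if (Array.from(text).length > maxLength) {
    return { ok: false, text: "", removed, reason: "too-long" };
  }
  return { ok: true, text, removed, reason: null };
}

// Constructed sample inputs (not taken from real traffic).
const samples = [
  "pass\u200Bword reset",   // zero-width space splitting a keyword
  "report\u202Etxt.log",    // right-to-left override reordering the display
  "hi\u{E0041}\u{E0042}",   // invisible tag characters appended to text
  "x".repeat(2001),         // one character over the default limit
];
for (const s of samples) {
  const r = sanitizeInput(s);
  console.log(r.ok, JSON.stringify(r.text.slice(0, 20)), r.removed, r.reason);
}
```

Stripping U+200C and U+200D also changes legitimate text: U+200D joins emoji sequences and U+200C is part of normal spelling in Persian and several Indic scripts, so the `removed` list is worth reviewing before treating every hit as hostile.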