Overview PromptShield Threat Model Scanning Pipeline Ignore Directives

decodeUnicodeTags()enrichWithLocation()getLineOffsets()getLocForIndex()scan()scanHomoglyphs()scanInjectionPatterns()scanInvisibleChars()scanNormalization()scanSmuggling()scanTrojanSource()

API DocsFunctions

scanNormalization()

scanNormalization(text, options?): ThreatReportWithoutLocation[]

Defined in: normalization.ts:49

Unicode normalization detector.

Detects characters whose representation changes under NFKC normalization.

Unicode normalization may transform visually similar or compatibility characters into canonical equivalents. When displayed text differs from its normalized form, this can introduce ambiguity between what users see and what downstream systems interpret.

Such situations may indicate:

compatibility glyph usage
spoofing attempts
homoglyph confusion
prompt smuggling techniques
validation bypass in downstream processing pipelines

Detection model:

Normalize the text using NFKC
Iterate over characters in the original text
Identify characters whose normalized form differs
Group adjacent normalization-sensitive characters into spans
Emit one threat per span

Severity heuristic:

PSN001 (LOW) Compatibility normalization producing simple ASCII text.
PSN002 (MEDIUM) More complex normalization transformations.

Span semantics:

offendingText = original span decodedPayload = normalized span

Normalization can expand characters (example: ﬀ → ff), therefore the normalized payload is computed from the entire span.

Parameters

text

string

options?

ScanOptions = {}

Returns

ThreatReportWithoutLocation[]

scanInvisibleChars()

Previous Page

scanSmuggling()

Next Page

On this page

Parameters text options?Returns