Where is bidi spoofing most risky?
Code reviews, logs, and filenames are common targets because visual order can hide intent.
Bidirectional Text
Bidirectional control marks can reorder visible characters and create misleading output.
Quick checks
- Audit logs and identifiers for spoofing.
- Detect direction controls in code and UI text.
- Review suspicious mixed-direction strings.
Unicode Inspector
Inspect pasted text for invisible or risky Unicode characters, visualize findings, and generate cleaned output entirely in your browser.
Drop .txt/.csv/.json here
or click to choose a file (max 2 MB)
Results
| Symbol | Category | Unicode name | Code point | Occurrences | Positions | Actions |
|---|---|---|---|---|---|---|
No findings No matching characters found in the current analysis snapshot. | ||||||
Homoglyph Detector
Detect mixed-script and confusable lookalike tokens before trusting identifiers or domains.
| Token | Scripts | Risk | Confusables | Positions |
|---|---|---|---|---|
No homoglyph risks detected. | ||||
Bidi and Trojan Source
Inspect bidirectional control sequences that can hide true token order in code, configs, and logs.
| Type | Risk | Range | Controls count | Details |
|---|---|---|---|---|
No dangerous bidi sequences detected. | ||||
Overlay view
Cleaning actions
Output
Advanced JSON report
Positions and ranges can increase payload size.
Share link
Raw text is never included in the report or share link.
FAQ
Do I remove all bidi controls?
Only when inappropriate for context. They are necessary for legitimate right-to-left text.