A single‑file web app (index.html) that demonstrates how instructions can be hidden in plain sight using invisible Unicode tag characters and emoji variation selectors. It’s designed for training and research to help people recognize, analyze, and sanitize hidden prompt‑injection content.
-
Invisible Text Encoder / Decoder
- Encode visible text into “invisible” Plane 14 tag characters (offset from U+E0000).
- Decode back to the original text.
- Copy, Swap, and Clear controls.
- Paragraph embedding: insert the encoded (invisible) command after every space of a carrier paragraph to keep the text visually unchanged.
- Analyze paragraph: detect hidden tags, show the recovered command, and display an annotated preview with revealed characters highlighted.
- Strip Hidden: remove all tag characters and emoji variation selectors; copy the sanitized result.
- Shortcuts: Cmd/Ctrl+Enter = Encode, Shift+Enter = Decode.
-
Emoji Encoder / Decoder
- Encode text to a sequence of emoji variation selectors (U+FE00..U+FE0F) representing 4‑bit nibbles.
- Optional AES‑GCM encryption (PBKDF2‑SHA256, unique salt + IV embedded in output).
- Choose an initial emoji prefix, copy and clear outputs.
- Separate Encode/Decode tabs.
-
Clipboard friendly
- Uses
navigator.clipboard.writeTextwhen available, with a safe fallback for non‑secure contexts.
- Uses
-
Theming
- Styled to match nawtayei.com (dark background, orange accent). Colors are easy to tweak via CSS variables at the top of
index.html.
- Styled to match nawtayei.com (dark background, orange accent). Colors are easy to tweak via CSS variables at the top of
- No build or dependencies. Open
index.htmlin any modern browser. - Everything (HTML, CSS, and JS) lives in that single file.
- Encode a command
- Type your command in the Invisible Text “Input” box.
- Click “Encode” to produce invisible characters in “Output”.
- Click “Copy” to copy the invisible string.
- Embed into a paragraph
- Paste your paragraph into “Carrier Paragraph”.
- Click “Embed into Spaces” to insert the invisible string after every space.
- The result appears in “Embedded Output” (this box is editable; you can paste your own samples here too).
- Click “Copy Embedded” to copy the full embedded paragraph.
- Analyze and strip
- Click “Analyze Paragraph” to scan the embedded paragraph:
- “Decoded Hidden Text” shows the recovered command(s).
- “Annotated Preview” shows the paragraph with hidden characters revealed and highlighted.
- Click “Strip Hidden” to remove all tag characters and emoji variation selectors.
- Click “Copy Stripped” to copy the sanitized result.
- Emoji tool (optional)
- Switch to the Emoji section.
- Enter text, optionally enable “Encrypt” and set a key.
- Click “Encode” to generate a selector string (with your chosen emoji prefix).
- Use the Decode tab to reverse it; enable “Decrypt” and provide the key if used.
- Clipboard API may require HTTPS on some browsers; a fallback is provided.
- Paragraph embedding augments ASCII spaces only; tabs/newlines are left intact.
- The analyzer decodes any characters in the Plane 14 tag range (>= U+E0000) as hidden content.
- The Strip action removes both Plane 14 tags and variation selectors (U+FE00–U+FE0F).
This tool is for research and education only. Its purpose is to help users understand prompt‑injection risks in text and practice defensive techniques (normalization, allowlists, stripping non‑printing characters, escaping/untrusted isolation, etc.). Do not use it to conceal malicious or unauthorized content.
Recommended reading:
- Hiding in Plain Sight — Weaponizing Invisible Unicode to Attack LLMs: https://idanhabler.medium.com/hiding-in-plain-sight-weaponizing-invisible-unicode-to-attack-llms-f9033865ec10
- Hide in Emoji (PowerShellForHackers): https://powershellforhackers.com/blog/#/post/hide-in-emoji