Skip to main content

mixed_encoding

redstr

Function mixed_encoding 

Source 
pub fn mixed_encoding(input: &str) -> String
Expand description

Encodes characters using mixed encoding formats (HTML entities, Unicode escapes).

Randomly encodes each character using one of four formats: plain text, hexadecimal HTML entity (&#x...;), decimal HTML entity (&#...;), or Unicode escape (\u{...}). This mixed approach can bypass filters that only detect specific encoding formats.

§Use Cases

  • XSS Testing: Bypass filters that don’t handle all encoding formats
  • Red Team: Evade detection systems with mixed encoding
  • Blue Team: Test encoding normalization and parser robustness

§Examples

use redstr::mixed_encoding;

let result = mixed_encoding("test");
// Example output: "tes\u{0074}" (varies each run)
assert!(result.contains("&#") || result.contains("\\u"));

// XSS payload with mixed encoding
let xss = mixed_encoding("<script>");
// Example: "&#x3c;s&#99;r\u{0069}pt&#x3e;"