Skip to main content

math_bold_encode

Function math_bold_encode 

Source
pub fn math_bold_encode(payload: &str) -> String
Expand description

Mathematical Alphanumeric Symbols encoding — replaces ASCII letters and digits with their Math-Bold counterparts in the Unicode U+1D400 block.

AZU+1D400U+1D419 (Math Bold Capitals: 𝐀 𝐁 … 𝐙) azU+1D41AU+1D433 (Math Bold Smalls: 𝐚 𝐛 … 𝐳) 09U+1D7CEU+1D7D7 (Math Bold Digits: 𝟎 𝟏 … 𝟗) Everything else is passed through unchanged (punctuation, spaces, etc., keep working as SQL/HTML syntax).

Bypass mechanism: every codepoint in this range NFKC-normalises back to its plain-ASCII counterpart. Databases / frameworks that perform NFKC normalisation (PostgreSQL with ICU collations, MySQL utf8mb4_0900_ai_ci, Java Normalizer.normalize(s, NFKC), Python unicodedata.normalize('NFKC', s), Go golang.org/x/text/unicode/norm) see the original SELECT / UNION / script keyword and execute / render it. WAFs scanning bytes for ASCII keywords see codepoints in the U+1D400 block — no keyword match.

Distinct from fullwidth_encode: fullwidth uses the U+FF00 Halfwidth-and-Fullwidth-Forms block. Math Alphanumeric uses the U+1D400 block — different code range, different WAF coverage gap. WAFs that block fullwidth (a common technique since 2020) often do not also block Math Alphanumeric Symbols. Both encode-paths NFKC to ASCII.

Context: any target whose backend NFKC-normalises before parsing. Confirmed targets: PostgreSQL ICU + MySQL utf8mb4_0900_ai_ci SQL identifiers, Java/Spring Boot path matching, .NET String.Normalize.