pub fn fullwidth_encode(payload: &str) -> StringExpand description
Fullwidth Unicode encoding — replaces ASCII with fullwidth equivalents.
Maps !–~ (0x21–0x7E) to the fullwidth range !–~ (0xFF01–0xFF5E).
Spaces become ideographic space (U+3000).
Bypass mechanism: Many WAFs regex against ASCII keywords like SELECT,
UNION, <script>, etc. Fullwidth characters are visually identical but
have different codepoints, so regex fails. However, backends that perform
Unicode NFKC normalization will convert them back to ASCII — meaning the
payload executes while the WAF never saw it.
Context: Effective against WAFs in front of servers that normalize Unicode
(Java/Spring, .NET, Python 3, Go, PostgreSQL, etc.).