This release adds 3 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Affected surfaces
Summary
AI summaryThree-phase injection scanning now includes homoglyph normalization and decode‑and‑scan for encoded payloads.
Full changelog
What's New
Three-Phase Injection Scanning
The pattern scanner now runs three phases instead of one:
- Original text — 14 compiled regex patterns against the raw extracted content
- Homoglyph normalization — NFKC + confusable-character mapping catches Cyrillic-for-Latin substitutions and similar bypasses
- Decode-and-scan — finds base64 and hex encoded blocks, decodes them, and scans decoded content with high-severity patterns (replaces the old base64_block heuristic)
CSS Hidden Element Removal
The sanitizer now parses <style> tags and removes elements targeted by CSS rules with display:none, visibility:hidden, or opacity:0. Previously only inline style attributes were caught.
Expanded Unicode Coverage
Non-printing character removal now covers 26 categories, adding bidi isolates (U+2066–U+2069) and Unicode Tags block (U+E0001, U+E0020, U+E007F).
Pipeline Optimization
Consolidated dependency checks, fixed encoding detection, cleaned up duplicates across the pipeline.
Stats
- 239 unit tests, all passing
- Python 3.10, 3.12, 3.13
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About Erodenn/fetch-guard
URL fetcher and HTML-to-markdown converter with three-layer prompt injection defense: pre-extraction sanitization of hidden/off-screen elements and non-printing Unicode, 15-pattern risk scanning (HIGH/MEDIUM/OK), and per-request session-salt content boundary wrapping.
Related context
Beta — feedback welcome: [email protected]