Erodenn/fetch-guard

What's new

Expanded injection detection

Four new scan phases and a broader pattern library.

Multilingual patterns. The pattern library now covers 6 high-severity injection phrases in English, Spanish, French, German, Japanese, Simplified Chinese, and Portuguese — 50 compiled patterns in total, up from 14. Multilingual payloads pass through all existing scan phases (homoglyph normalization, decode-and-scan) automatically.

URL percent-encoding decode-and-scan. Detects 3+ consecutive %XX sequences, decodes them, and scans the decoded content against high-severity patterns. The 3-token threshold avoids false positives from incidental single-character encoding.

ROT13 whole-document scan. Decodes the full document with ROT13 and scans against high-severity patterns only. Medium-severity patterns are excluded to keep false positives low on legitimate rotated text.

Metadata field scanning. Metadata fields (title, description, og:title, etc.) are now scanned independently. Matches are namespaced to their source field (e.g. metadata:title:ignore_previous) and merged into the overall risk level and injection_matches output.

Extended pre-extraction sanitization

Nine additional CSS hidden-element techniques are now stripped before trafilatura sees the HTML, based on the Unit 42 2026 taxonomy:

• font-size: 0
• color: transparent / rgba(..., 0) / hsla(..., 0)
• height: 0 + overflow: hidden
• max-height: 0 + overflow: hidden
• clip: rect(0, 0, 0, 0)
• transform: scale(0)
• Color-match hidden text: elements where inline color and background-color resolve to the same RGB value are removed. Supports cross-format comparisons (white == #ffffff == rgb(255,255,255)).
• <template> tag removal: template content is never rendered by browsers and is an active injection vector.

Test coverage

358 unit tests, up from 262.