unisec 0.0.5 → 0.0.7

data/lib/unisec/bidi.rb

@@ -18,10 +18,10 @@ module Unisec
       # @param input [String] the target string
       # @param opts [Hash] optional parameters, see {Spoof.bidi_affix}
       # @return [String] the target string
-      def set_target_display(input, **opts)
+      def set_target_display(input, **)
         @target_display = input
-        @spoof_string = reverse(**opts)
-        @spoof_payload = bidi_affix(**opts)
+        @spoof_string = reverse(**)
+        @spoof_payload = bidi_affix(**)
         @target_display
       end
 
@@ -66,8 +66,8 @@ module Unisec
       end
 
       # Call {Spoof.reverse} with `@target_display` as default input (target).
-      def reverse(**opts)
-        Spoof.reverse(@target_display, **opts)
+      def reverse(**)
+        Spoof.reverse(@target_display, **)
       end
 
       # Inject BiDi characters into the input string
@@ -121,8 +121,8 @@ module Unisec
       end
 
       # Call {Spoof.bidi_affix} with `@spoof_string` as input.
-      def bidi_affix(**opts)
-        Spoof.bidi_affix(@spoof_string, **opts)
+      def bidi_affix(**)
+        Spoof.bidi_affix(@spoof_string, **)
       end
 
       # Display a CLI-friendly output summurizing the spoof payload
@@ -157,7 +157,7 @@ module Unisec
             "Spoof payload (hex, escaped): #{@spoof_payload.to_hex(prefixall: '\\x')}\n" \
             "Spoof payload (base64): #{@spoof_payload.to_b64}\n" \
             "Spoof payload (urlencode): #{@spoof_payload.urlencode}\n" \
-            "Spoof payload (code points): #{Unisec::Properties.chars2codepoints(@spoof_payload)}\n" \
+            "Spoof payload (code points): #{Unisec::Utils::String.chars2codepoints(@spoof_payload)}\n" \
             "\n\n\n" \
             '⚠: for the spoof payload to display correctly, be sure your VTE has RTL support, ' \
             "e.g. see https://wiki.archlinux.org/title/Bidirectional_text#Terminal.\n" \

data/lib/unisec/blocks.rb

@@ -0,0 +1,209 @@
+# frozen_string_literal: true
+
+require 'paint'
+require 'unisec/utils'
+
+module Unisec
+  # Operations about Unicode blocks
+  class Blocks # rubocop:disable Metrics/ClassLength
+    # UCD Blocks file location
+    # @see https://www.unicode.org/Public/UCD/latest/ucd/Blocks.txt
+    UCD_BLOCKS = File.join(__dir__, '../../data/Blocks.txt')
+
+    # List of invalid, private, reserved ranges. Unasigned, unallocated ranges are calculated dynamically in {list_unassigned}.
+    INVALID_RANGES = [
+      { range: 0xd800..0xdfff, name: 'Surrogates (invalid outside UTF-16)' },
+      { range: 0xe000..0xf8ff, name: 'Private Use Area (located in BMP)' },
+      { range: 0xf0000..0xfffff, name: 'Supplementary Private Use Area-A' },
+      { range: 0x100000..0x10ffff, name: 'Supplementary Private Use Area-B' }
+    ].freeze
+
+    # Returns the version of Unicode used in UCD local file (data/Blocks.txt)
+    # @return [String] Unicode version
+    # @example
+    #   Unisec::Blocks.ucd_blocks_version # => "17.0.0"
+    def self.ucd_blocks_version
+      first_line = File.open(UCD_BLOCKS, &:readline)
+      first_line.match(/-(\d+\.\d+\.\d+)\.txt/).captures.first
+    end
+
+    # List Unicode blocks name
+    # ⚠️ Char count value may be wrong for CJK UNIFIED IDEOGRAPH because they are poorly described in DerivedName.txt.
+    # ⚠️ Populating char_count is slow and can take a few seconds.
+    # @param with_count [TrueClass|FalseClass] calculate block's range size & char count?
+    # @return [Array<Hash>] List of blocks (block name, range and count)
+    # @example
+    #   Unisec::Blocks.list # => [{range: 0..127, name: "Basic Latin", range_size: nil, char_count: nil}, … ]
+    #   Unisec::Blocks.list(with_count: true) # => [{range: 0..127, name: "Basic Latin", range_size: 128, char_count: 95}, … ]
+    def self.list(with_count: false)
+      out = []
+      file = File.new(UCD_BLOCKS)
+      file.each_line(chomp: true) do |line|
+        # Skip if the line is empty or a comment
+        next if line.empty? || line[0] == '#'
+
+        # parse the line to extract code point range and the name
+        blk_range, blk_name = line.split(';')
+        blk_range = Unisec::Utils::String.to_range(blk_range)
+        blk_name.lstrip!
+        out << {
+          range: blk_range,
+          name: blk_name,
+          range_size: with_count ? blk_range.size : nil,
+          char_count: with_count ? count_char_in_block(blk_range) : nil
+        }
+      end
+      out
+    end
+
+    # Count the number of characters allocated in a block.
+    # ⚠️ Char count value may be wrong for CJK UNIFIED IDEOGRAPH because they are poorly described in DerivedName.txt.
+    # @param range [Range] Block code point range
+    # @return [Integer] number of code points in the block
+    # @example
+    #   Unisec::Blocks::count_char_in_block(0xAC00..0xD7AF) # => 11172
+    def self.count_char_in_block(range) # rubocop:disable Metrics/AbcSize
+      counter = 0
+      file = File.new(Rugrep::UCD_DERIVEDNAME)
+      file.each_line(chomp: true) do |line|
+        # Skip if the line is empty or a comment
+        next if line.empty? || line[0] == '#'
+
+        # parse the line to extract code point as integer and the name
+        cp_int, _name = line.split(';')
+        if cp_int.include?('..') # handle ranges in DerivedName.txt
+          ucd_range = Utils::String.to_range(cp_int)
+          next unless range.include_range?(ucd_range)
+
+          counter += ucd_range.size
+          next
+        end
+        cp_int = cp_int.chomp.to_i(16)
+        next unless range.include?(cp_int)
+
+        counter += 1
+        break if cp_int == range.end
+      end
+      counter
+    end
+
+    # Find the block including the target character or code point, or matching the provided name.
+    # @param block_arg [Integer|String] Decimal code point or standardized hexadecimal codepoint or string character (only one, so be careful with emojis, composed or joint characters using several units) or directly look for the block name (case insensitive).
+    # @param with_count [TrueClass|FalseClass] calculate block's range size & char count?
+    # @return [Hash|nil] Maching block (block name, range and count) or nil if not found
+    # @example
+    #   Unisec::Blocks.block(65, with_count:true) # => {range: 0..127, name: "Basic Latin", range_size: 128, char_count: 95}
+    #   Unisec::Blocks.block("U+1f4a9") # => {range: 127744..128511, name: "Miscellaneous Symbols and Pictographs", range_size: nil, char_count: nil}
+    #   Unisec::Blocks.block("…", with_count:true) # => {range: 8192..8303, name: "General Punctuation", range_size: 112, char_count: 111}
+    #   Unisec::Blocks.block("javanese") # => {range: 43392..43487, name: "Javanese", range_size: nil, char_count: nil}
+    def self.block(block_arg, with_count: false) # rubocop:disable Metrics/AbcSize,Metrics/CyclomaticComplexity,Metrics/MethodLength,Metrics/PerceivedComplexity
+      file = File.new(UCD_BLOCKS)
+      found = false
+      file.each_line(chomp: true) do |line|
+        # Skip if the line is empty or a comment
+        next if line.empty? || line[0] == '#'
+
+        # parse the line to extract code point range and the name
+        blk_range, blk_name = line.split(';')
+        blk_range = Unisec::Utils::String.to_range(blk_range)
+        blk_name.lstrip!
+        case block_arg
+        when Integer # block_arg is an intgeger code point
+          found = true if blk_range.include?(block_arg)
+        when String # can be a char or block name or a string code point
+          if block_arg.size == 1 # is a char (1 code unit, not one grapheme)
+            found = true if blk_range.include?(Utils::String.convert_to_integer(block_arg))
+          elsif block_arg.start_with?('U+') # string code point
+            found = true if blk_range.include?(Utils::String.stdhexcp2deccp(block_arg))
+          elsif blk_name.downcase == block_arg.downcase # block name
+            found = true
+          end
+        end
+        if found
+          return {
+            range: blk_range,
+            name: blk_name,
+            range_size: with_count ? blk_range.size : nil,
+            char_count: with_count ? count_char_in_block(blk_range) : nil
+          }
+        end
+      end
+      nil # not found
+    end
+
+    # List unasigned, unallocated ranges.
+    # @return [Array<Range>] List of unassigned (code-point) ranges
+    # @example
+    #   Unisec::Blocks.list_unassigned # => [12256..12271, 66048..66175, …]
+    def self.list_unassigned # rubocop:disable Metrics/AbcSize
+      base = (0x0000..0x10ffff)
+      assigned = Unisec::Blocks.list.map { |b| b[:range] }
+
+      unassigned = []
+      cursor = base.begin
+
+      assigned.each do |r|
+        unassigned << (cursor..(r.begin - 1)) if cursor < r.begin
+        cursor = r.end + 1
+        break if cursor > base.end
+      end
+
+      unassigned << (cursor..base.end) if cursor <= base.end
+
+      unassigned
+    end
+
+    # Display a CLI-friendly output listing all blocks
+    # @param with_count [TrueClass|FalseClass] calculate block's range size & char count?
+    def self.list_display(with_count: false) # rubocop:disable Metrics/AbcSize
+      blocks = list(with_count: with_count)
+      display = ->(key, value, just) { print Paint[key, :red, :bold] + " #{value}".ljust(just) }
+      blocks.each do |blk|
+        display.call('Range:', Utils::Range.range2codepoint_range(blk[:range]), 22)
+        display.call('Name:', blk[:name], 50)
+        if with_count
+          display.call('Range size:', blk[:range_size], 8)
+          display.call('Char count:', blk[:char_count], 0)
+        end
+        puts
+      end
+      nil
+    end
+
+    # Display a CLI-friendly output detailing the searched block
+    # @param block_arg [Integer|String] Decimal code point or standardized hexadecimal codepoint or string character (only one, so be careful with emojis, composed or joint characters using several units) or directly look for the block name (case insensitive).
+    # @param with_count [TrueClass|FalseClass] calculate block's range size & char count?
+    def self.block_display(block_arg, with_count: false)
+      blk = block(block_arg, with_count: with_count)
+      if blk.nil?
+        puts "no block found with #{block_arg}"
+      else
+        display = ->(key, value) { puts Paint[key, :red, :bold] + " #{value}" }
+        display.call('Range:', Utils::Range.range2codepoint_range(blk[:range]))
+        display.call('Name:', blk[:name])
+        if with_count
+          display.call('Range size:', blk[:range_size])
+          display.call('Char count:', blk[:char_count])
+        end
+      end
+      nil
+    end
+
+    # Display a CLI-friendly output listing all invalid and unsassigned ranges.
+    def self.list_invalid_display # rubocop:disable Metrics/AbcSize
+      display = ->(key, value, just) { print Paint[key, :red, :bold] + " #{value}".ljust(just) }
+      puts '(Assigned) invalid, private, reserved ranges:'
+      INVALID_RANGES.each do |blk|
+        display.call('Range:', Utils::Range.range2codepoint_range(blk[:range]), 22)
+        display.call('Name:', blk[:name], 50)
+        puts
+      end
+      puts "\nUnasigned, unallocated ranges:"
+      list_unassigned.each do |blk|
+        display.call('Range:', Utils::Range.range2codepoint_range(blk), 22)
+        puts
+      end
+      nil
+    end
+  end
+end

data/lib/unisec/cli/blocks.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+require 'dry/cli'
+require 'unisec'
+require 'unisec/utils'
+
+module Unisec
+  module CLI
+    module Commands
+      # CLI sub-commands `unisec blocks xxx` for the class {Unisec::Blocks} from the lib.
+      module Blocks
+        # Command `unisec blocks list`
+        #
+        # Example:
+        #
+        # ```plaintext
+        # $ unisec blocks list
+        # Range: U+0000 - U+007F      Name: Basic Latin
+        # Range: U+0080 - U+00FF      Name: Latin-1 Supplement
+        # …
+        # ```
+        class List < Dry::CLI::Command
+          desc 'List all Unicode blocks'
+
+          option :with_count, default: 'false', values: %w[true false],
+                              desc: "calculate block's range size & char count?"
+
+          # List Unicode blocks
+          def call(**options)
+            Unisec::Blocks.list_display(with_count: options[:with_count].to_bool)
+          end
+        end
+
+        # Command `unisec blocks search`
+        #
+        # Example:
+        #
+        # ```plaintext
+        # $ unisec blocks search 127745
+        # $ unisec blocks search U+1f4a9
+        # $ unisec blocks search …
+        # $ unisec blocks search javanese
+        # ```
+        class Search < Dry::CLI::Command
+          desc 'Search for a specific block'
+
+          argument :block_arg, required: true,
+                               desc: 'Decimal code point | standardized hexadecimal codepoint | string character ' \
+                                     '(only one, so be careful with emojis, composed or joint characters using ' \
+                                     'several units) | block name (case insensitive)'
+
+          option :with_count, default: 'false', values: %w[true false],
+                              desc: "calculate block's range size & char count?"
+
+          # Display a block matching a decimal code point, standardized hexadecimal codepoint, string character or block name
+          # @param block_arg [Integer|String] Decimal code point or standardized hexadecimal codepoint or string character (only one, so be careful with emojis, composed or joint characters using several units) or directly look for the block name (case insensitive).
+          def call(block_arg: nil, **options)
+            block_arg = block_arg.to_i if /\A\d+\Z/.match?(block_arg) # cast decimal string to integer
+            Unisec::Blocks.block_display(block_arg, with_count: options[:with_count].to_bool)
+          end
+        end
+
+        # Command `unisec blocks invalid`
+        #
+        # Example:
+        #
+        # ```plaintext
+        # $ unisec blocks invalid
+        # (Assigned) invalid, private, reserved ranges:
+        # Range: U+D800 - U+DFFF      Name: Surrogates (invalid outside UTF-16)
+        # Range: U+E000 - U+F8FF      Name: Private Use Area (located in BMP)
+        # Range: U+F0000 - U+FFFFF    Name: Supplementary Private Use Area-A
+        # Range: U+100000 - U+10FFFF  Name: Supplementary Private Use Area-B
+        #
+        # Unasigned, unallocated ranges:
+        # Range: U+2FE0 - U+2FEF
+        # Range: U+10200 - U+1027F
+        # Range: U+103E0 - U+103FF
+        # Range: U+107C0 - U+107FF
+        # …
+        # ```
+        class Invalid < Dry::CLI::Command
+          desc 'List all invalid and unsassigned ranges'
+
+          # List all invalid and unsassigned ranges
+          def call(**)
+            Unisec::Blocks.list_invalid_display
+          end
+        end
+      end
+    end
+  end
+end

data/lib/unisec/cli/cli.rb

@@ -1,9 +1,11 @@
 # frozen_string_literal: true
 
 require 'unisec/cli/bidi'
+require 'unisec/cli/blocks'
 require 'unisec/cli/confusables'
-require 'unisec/cli/hexdump'
+require 'unisec/cli/dump'
 require 'unisec/cli/normalization'
+require 'unisec/cli/planes'
 require 'unisec/cli/properties'
 require 'unisec/cli/rugrep'
 require 'unisec/cli/size'
@@ -20,11 +22,18 @@ module Unisec
       # Mapping between the (sub-)commands as seen by the user
       # on the command-line interface and the CLI modules in the lib
       register 'bidi spoof', Bidi::Spoof
+      register 'blocks invalid', Blocks::Invalid
+      register 'blocks list', Blocks::List
+      register 'blocks search', Blocks::Search
       register 'confusables list', Confusables::List
       register 'confusables randomize', Confusables::Randomize
+      register 'dump dec', Dump::Dec
+      register 'dump hex', Dump::Hex
       register 'grep', Grep
-      register 'hexdump', Hexdump
-      register 'normalize', Normalize
+      register 'normalize all', Normalize::All
+      register 'normalize replace', Normalize::Replace
+      register 'planes list', Planes::List
+      register 'planes search', Planes::Search
       register 'properties char', Properties::Char
       register 'properties codepoints', Properties::Codepoints
       register 'properties list', Properties::List

data/lib/unisec/cli/dump.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+require 'dry/cli'
+require 'unisec'
+
+module Unisec
+  module CLI
+    module Commands
+      # CLI sub-commands `unisec dump xxx` for several dump classes like {Unisec::Hexdump} or {Unisec::Decxdump} from the lib.
+      module Dump
+        # CLI command `unisec dump hex` for the class {Unisec::Hexdump} from the lib.
+        #
+        # Example:
+        #
+        # ```plaintext
+        # $ unisec dump hex "ACCEIS"
+        # UTF-8: 41 43 43 45 49 53
+        # UTF-16BE: 0041 0043 0043 0045 0049 0053
+        # UTF-16LE: 4100 4300 4300 4500 4900 5300
+        # UTF-32BE: 00000041 00000043 00000043 00000045 00000049 00000053
+        # UTF-32LE: 41000000 43000000 43000000 45000000 49000000 53000000
+        #
+        # $ unisec dump hex "ACCEIS" --enc utf16le
+        # 4100 4300 4300 4500 4900 5300
+        # ```
+        class Hex < Dry::CLI::Command
+          desc 'Hexadecimal dump (hexdump) in all Unicode encodings'
+
+          argument :input, required: true,
+                           desc: 'String input. Read from STDIN if equal to -.'
+
+          option :enc, default: nil, values: %w[utf8 utf16be utf16le utf32be utf32le],
+                       desc: 'Output only in the specified encoding.'
+
+          # Hexdump of all Unicode encodings.
+          # @param input [String] Input string to encode
+          def call(input: nil, **options)
+            input = $stdin.read.chomp if input == '-'
+            if options[:enc].nil?
+              puts Unisec::Hexdump.new(input).display
+            else
+              # using send() is safe here thanks to the value whitelist
+              puts Unisec::Hexdump.send(options[:enc], input)
+            end
+          end
+        end
+
+        # CLI command `unisec dump dec` for the class {Unisec::Decdump} from the lib.
+        #
+        # Example:
+        #
+        # ```plaintext
+        # $ unisec dump dec "noraj"
+        # UTF-8: 110 111 114 097 106
+        # UTF-16BE: |000 110| |000 111| |000 114| |000 097| |000 106|
+        # UTF-16LE: |110 000| |111 000| |114 000| |097 000| |106 000|
+        # UTF-32BE: |000 000 000 110| |000 000 000 111| |000 000 000 114| |000 000 000 097| |000 000 000 106|
+        # UTF-32LE: |110 000 000 000| |111 000 000 000| |114 000 000 000| |097 000 000 000| |106 000 000 000|
+        #
+        # $ unisec dump dec "noraj" --enc utf16le
+        # |110 000| |111 000| |114 000| |097 000| |106 000|
+        # ```
+        class Dec < Dry::CLI::Command
+          desc 'Decimal dump (decdump) in all Unicode encodings'
+
+          argument :input, required: true,
+                           desc: 'String input. Read from STDIN if equal to -.'
+
+          option :enc, default: nil, values: %w[utf8 utf16be utf16le utf32be utf32le],
+                       desc: 'Output only in the specified encoding.'
+
+          # Decdump of all Unicode encodings.
+          # @param input [String] Input string to encode
+          def call(input: nil, **options)
+            input = $stdin.read.chomp if input == '-'
+            if options[:enc].nil?
+              puts Unisec::Decdump.new(input).display
+            else
+              # using send() is safe here thanks to the value whitelist
+              puts Unisec::Decdump.send(options[:enc], input)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/unisec/cli/normalization.rb

@@ -8,45 +8,77 @@ module Unisec
   module CLI
     module Commands
       # CLI sub-commands `unisec normalize xxx` for the class {Unisec::Normalization} from the lib.
-      #
-      # Command `unisec normalize "example"`
-      #
-      # Example:
-      #
-      # ```plaintext
-      # ➜ unisec normalize ẛ̣
-      # Original: ẛ̣
-      #   U+1E9B U+0323
-      # NFC: ẛ̣
-      #   U+1E9B U+0323
-      # NFKC: ṩ
-      #   U+1E69
-      # NFD: ẛ̣
-      #   U+017F U+0323 U+0307
-      # NFKD: ṩ
-      #   U+0073 U+0323 U+0307
-      #
-      # ➜ unisec normalize ẛ̣  --form nfkd
-      # ṩ
-      # ```
-      class Normalize < Dry::CLI::Command
-        desc 'Normalize in all forms'
-
-        argument :input, required: true,
-                         desc: 'String input. Read from STDIN if equal to -.'
-
-        option :form, default: nil, values: %w[nfc nfkc nfd nfkd],
-                      desc: 'Output only in the specified normalization form.'
-
-        # Normalize in all forms
-        # @param input [String] Input string to normalize
-        def call(input: nil, **options)
-          input = $stdin.read.chomp if input == '-'
-          if options[:form].nil?
-            puts Unisec::Normalization.new(input).display
-          else
-            # using send() is safe here thanks to the value whitelist
-            puts Unisec::Normalization.send(options[:form], input)
+      module Normalize
+        # Command `unisec normalize all "example"`
+        #
+        # Example:
+        #
+        # ```plaintext
+        # ➜ unisec normalize all ẛ̣
+        # Original: ẛ̣
+        #   U+1E9B U+0323
+        # NFC: ẛ̣
+        #   U+1E9B U+0323
+        # NFKC: ṩ
+        #   U+1E69
+        # NFD: ẛ̣
+        #   U+017F U+0323 U+0307
+        # NFKD: ṩ
+        #   U+0073 U+0323 U+0307
+        #
+        # ➜ unisec normalize all ẛ̣  --form nfkd
+        # ṩ
+        # ```
+        class All < Dry::CLI::Command
+          desc 'Normalize in all forms'
+
+          argument :input, required: true,
+                           desc: 'String input. Read from STDIN if equal to -.'
+
+          option :form, default: nil, values: %w[nfc nfkc nfd nfkd],
+                        desc: 'Output only in the specified normalization form.'
+
+          # Normalize in all forms
+          # @param input [String] Input string to normalize
+          def call(input: nil, **options)
+            input = $stdin.read.chomp if input == '-'
+            if options[:form].nil?
+              puts Unisec::Normalization.new(input).display
+            else
+              # using send() is safe here thanks to the value whitelist
+              puts Unisec::Normalization.send(options[:form], input)
+            end
+          end
+        end
+
+        # Command `unisec normalize replace "example"`
+        #
+        # Example:
+        #
+        # ```plaintext
+        # ➜ unisec normalize replace "<svg onload=\"alert('XSS')\">"
+        # Original: <svg onload="alert('XSS')">
+        #   U+003C U+0073 U+0076 U+0067 U+0020 U+006F U+006E U+006C U+006F U+0061 U+0064 U+003D U+0022 U+0061 U+006C U+0065 U+0072 U+0074 U+0028 U+0027 U+0058 U+0053 U+0053 U+0027 U+0029 U+0022 U+003E
+        # Bypass payload: ﹤svg onload=＂alert(＇XSS＇)＂﹥
+        #   U+FE64 U+0073 U+0076 U+0067 U+0020 U+006F U+006E U+006C U+006F U+0061 U+0064 U+003D U+FF02 U+0061 U+006C U+0065 U+0072 U+0074 U+0028 U+FF07 U+0058 U+0053 U+0053 U+FF07 U+0029 U+FF02 U+FE65
+        # NFKC: <svg onload="alert('XSS')">
+        #   U+003C U+0073 U+0076 U+0067 U+0020 U+006F U+006E U+006C U+006F U+0061 U+0064 U+003D U+0022 U+0061 U+006C U+0065 U+0072 U+0074 U+0028 U+0027 U+0058 U+0053 U+0053 U+0027 U+0029 U+0022 U+003E
+        # NFKD: <svg onload="alert('XSS')">
+        #   U+003C U+0073 U+0076 U+0067 U+0020 U+006F U+006E U+006C U+006F U+0061 U+0064 U+003D U+0022 U+0061 U+006C U+0065 U+0072 U+0074 U+0028 U+0027 U+0058 U+0053 U+0053 U+0027 U+0029 U+0022 U+003E
+        #
+        # ➜ echo -n "<svg onload=\"alert('XSS')\">" | unisec normalize replace -
+        # ```
+        class Replace < Dry::CLI::Command
+          desc 'Prepare a XSS payload for HTML escape bypass (HTML escape followed by NFKC / NFKD normalization)'
+
+          argument :input, required: true,
+                           desc: 'String input. Read from STDIN if equal to -.'
+
+          # Prepare a XSS payload for HTML escape bypass (HTML escape followed by NFKC / NFKD normalization)
+          # @param input [String] Input string to normalize
+          def call(input: nil, **_options)
+            input = $stdin.read.chomp if input == '-'
+            puts Unisec::Normalization.new(input).display_replace
           end
         end
       end