Spoofchecker does NOT recognize zero-width spaces #20414

@D3strukt0r

Description

https://3v4l.org/9dMTh#v8.4.14

I found out about this when using the Symfony NoSuspiciousCharacters validator, and the example code is a reproduction of all steps during debugging.

https://symfony.com/doc/current/reference/constraints/NoSuspiciousCharacters.html

https://github.com/symfony/symfony/blob/7.3/src/Symfony/Component/Validator/Constraints/NoSuspiciousCharactersValidator.php

The following code:

<?php

$values = [
    "Zero Width Space" => "MaxMustermann",
    "Zero Width Space" => "Max\u{200B}Mustermann",
    "Zero Width Non-Joiner" => "Max\u{200C}Mustermann",
    "Zero Width Joiner" => "Max\u{200D}Mustermann",
    "Zero Width No-Break Space" => "Max\u{FEFF}Mustermann",
];

$checker = new \Spoofchecker();

$checks = \Spoofchecker::INVISIBLE | \Spoofchecker::MIXED_NUMBERS | \Spoofchecker::HIDDEN_OVERLAY;
$checks |= \Spoofchecker::SINGLE_SCRIPT;

$checker->setRestrictionLevel(\Spoofchecker::MODERATELY_RESTRICTIVE);
$checker->setAllowedLocales('de,fr,it');
$checker->setChecks($checks);

foreach ($values as $check => $value) {
    echo $check."\n";
    var_dump(preg_match('/[\x{200B}\x{200C}\x{200D}\x{FEFF}\x{2060}\x{2061}\x{2062}\x{2063}\x{2064}]/u', $value));
    var_dump($checker->isSuspicious($value, $errorCode));
    var_dump($errorCode);
    echo "\n";
}

Resulted in this output:

Zero Width Space
int(1)
bool(false)
int(0)

Zero Width Non-Joiner
int(1)
bool(false)
int(0)

Zero Width Joiner
int(1)
bool(false)
int(0)

Zero Width No-Break Space
int(1)
bool(false)
int(0)

But I expected this output instead:

Zero Width Space
int(1)
bool(true)
int(1) (no idea)

Zero Width Non-Joiner
int(1)
bool(true)
int(1) (no idea)

Zero Width Joiner
int(1)
bool(true)
int(1) (no idea)

Zero Width No-Break Space
int(1)
bool(true)
int(1) (no idea)

symfony/symfony#62338

PHP Version

PHP 8.4.14 (cli) (built: Oct 24 2025 19:15:19) (NTS)
Copyright (c) The PHP Group
Built by https://github.com/docker-library/php
Zend Engine v4.4.14, Copyright (c) Zend Technologies
    with Zend OPcache v8.4.14, Copyright (c), by Zend Technologies
    with Xdebug v3.4.7, Copyright (c) 2002-2025, by Derick Rethans

ICU v72.1

Operating System

No response
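
An explicit scan for the code points in the reproduction's regex, run independently of whatever `Spoofchecker::isSuspicious()` returns. This is an added example, not code from the issue author, PHP, or Symfony; the function names `findInvisibleCharacters` and `isSuspiciousOrInvisible` and the `$broad` option are hypothetical, and the `\p{Cf}` mode goes beyond the characters listed in the report.

```php
<?php
declare(strict_types=1);

// Added example; function names and the $broad option are hypothetical.
// Reports each invisible character with its code point and character offset.
function findInvisibleCharacters(string $value, bool $broad = false): array
{
    if (!mb_check_encoding($value, 'UTF-8')) {
        throw new InvalidArgumentException('Input is not valid UTF-8');
    }
    // Default: the code points from the issue's regex. Broad: every Unicode
    // format character (\p{Cf}), which also covers bidi controls and U+00AD.
    $pattern = $broad
        ? '/\p{Cf}/u'
        : '/[\x{200B}\x{200C}\x{200D}\x{FEFF}\x{2060}-\x{2064}]/u';
    $findings = [];
    if (preg_match_all($pattern, $value, $m, PREG_OFFSET_CAPTURE)) {
        foreach ($m[0] as [$char, $byteOffset]) {
            $findings[] = [
                'codepoint' => sprintf('U+%04X', mb_ord($char, 'UTF-8')),
                // PCRE reports byte offsets; convert to a character offset.
                'offset' => mb_strlen(substr($value, 0, $byteOffset), 'UTF-8'),
            ];
        }
    }
    return $findings;
}

// Flags the value if either the explicit scan or Spoofchecker objects.
// The checker is optional so the scan also works without ext-intl.
function isSuspiciousOrInvisible(string $value, ?Spoofchecker $checker = null): bool
{
    if (findInvisibleCharacters($value) !== []) {
        return true;
    }
    return $checker !== null && $checker->isSuspicious($value);
}

// Constructed sample inputs, modelled on the reproduction above.
$samples = [
    'No invisible character' => 'MaxMustermann',
    'Zero Width Space' => "Max\u{200B}Mustermann",
    'Zero Width No-Break Space' => "Max\u{FEFF}Mustermann",
];
foreach ($samples as $label => $value) {
    $hits = array_map(fn ($f) => "{$f['codepoint']}@{$f['offset']}", findInvisibleCharacters($value));
    printf("%s: %s [%s]\n", $label, isSuspiciousOrInvisible($value) ? 'reject' : 'ok', implode(', ', $hits));
}
```

U+200C and U+200D occur legitimately in some scripts and in emoji sequences, so rejecting them outright suits restricted fields such as the `de,fr,it` names in the reproduction rather than arbitrary free text.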
