Right-to-Left Override U+202E
Code point: U+202E | Decimal: 8238 | CSS escape: \202E | JavaScript escape: \u202E | URL-encoded: %E2%80%AE | UTF-8 bytes: E2 80 AE | Category: Format (Cf) | Block: General Punctuation
The Right-to-Left Override (U+202E) is one of the most security-sensitive invisible characters in Unicode. It produces no visible glyph, but it carries a powerful instruction: display everything after me in right-to-left order. That single, invisible command is the engine behind a whole class of spoofing and code-injection attacks.
Unicode includes bidirectional (bidi) control characters so that left-to-right scripts (like English) and right-to-left scripts (like Arabic and Hebrew) can be mixed correctly in the same line. The Right-to-Left Override is the most forceful of these: it does not just hint at direction, it overrides it. Used legitimately, it is rare. Used maliciously, it is dangerous.
How It Is Abused
Filename spoofing
The classic trick: an attacker names a file using U+202E so the extension appears different from what it actually is. A file that is really photo_gpj.exe can be displayed as photo_exe.jpg once the override reverses the characters after it. The victim sees a harmless-looking image, but double-clicks an executable.
Trojan Source (code attacks)
In 2021, researchers showed that bidi overrides can make source code read one way to a human and compile another way. A comment or string containing U+202E can visually reorder code so a reviewer sees safe-looking logic while the compiler executes something else — for example, sneaking an early return or a permission check inside what looks like an inert comment. This "Trojan Source" technique affects most programming languages because it lives in the text encoding, not the language.
Chat, usernames, and moderation evasion
The override is also used to scramble display names, bypass text filters, or make messages render in confusing ways.
How to Detect and Remove It
Paste any suspicious text, file name, or code snippet into the Invisible Character Viewer on the homepage. It highlights the Right-to-Left Override and every other hidden formatting character, showing the exact code point on hover.
In code:
For security-sensitive systems — code review tools, file uploads, user names — the safest policy is to reject or visibly flag any input containing bidi control characters rather than silently stripping them.
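The reject-or-flag policy above, sketched in Python as an added example (not this site's own code). It covers the whole group of bidi controls rather than U+202E alone; the function names and the two sample strings are constructed for illustration.

```python
import os
import unicodedata

# Bidirectional formatting characters defined by Unicode.
BIDI_CONTROLS = frozenset(
    "\u202A\u202B\u202C\u202D\u202E"   # LRE, RLE, PDF, LRO, RLO (U+202E)
    "\u2066\u2067\u2068\u2069"         # LRI, RLI, FSI, PDI
    "\u200E\u200F\u061C"               # LRM, RLM, ALM
)

def find_bidi(text):
    """Return (line, column, code point, Unicode name) for each bidi control."""
    hits = []
    for lineno, line in enumerate(text.split("\n"), 1):
        for col, ch in enumerate(line, 1):
            if ch in BIDI_CONTROLS:
                hits.append((lineno, col, f"U+{ord(ch):04X}", unicodedata.name(ch)))
    return hits

def reveal(text):
    """Swap each bidi control for a visible <U+XXXX> marker (safe to display)."""
    return "".join(f"<U+{ord(c):04X}>" if c in BIDI_CONTROLS else c for c in text)

def screen(text):
    """Flag, never silently strip: report what was found and a safe rendering."""
    hits = find_bidi(text)
    return {"ok": not hits, "shown": reveal(text), "hits": hits}

def screen_filename(name):
    """Screen a file name and report the extension the OS will actually use."""
    report = screen(name)
    report["real_ext"] = os.path.splitext(name)[1]
    return report

# Constructed samples (not taken from any real incident).
SAMPLE_NAME = "photo_\u202Egpj.exe"             # displays as photo_exe.jpg
SAMPLE_CODE = "total = 0\nreturn total  # reviewed \u202Eok\n"

if __name__ == "__main__":
    for label, rep in (("file name", screen_filename(SAMPLE_NAME)),
                       ("source", screen(SAMPLE_CODE))):
        print(label, "OK" if rep["ok"] else "REJECT", repr(rep["shown"]))
        for line, col, cp, uname in rep["hits"]:
            print(f"  line {line}, col {col}: {cp} {uname}")
```

A caller that must accept the input anyway can store or display `shown` instead of the raw string, so the control character stays visible to reviewers.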
Technical Details
The Bidi Control Characters
The Right-to-Left Override is one of several bidirectional formatting characters. Security tooling should treat the whole group as suspicious:
Why It Matters
Because it is invisible and survives copy-paste, the Right-to-Left Override can travel anywhere text goes (file names, commit messages, package names, user input) and change how that text is read without changing its bytes. Any system that displays untrusted text to humans (a code reviewer, a file browser, a moderation queue) should detect and surface it. Run anything suspicious through the Invisible Character Viewer to reveal it instantly.