>> Given that the vulnerability is limited to source code, in which AFAIU
>> there's no legitimate use of such characters, would the following not
>> be enough?
>
> I'm pretty sure there are legitimate uses of such characters in source
> code. Maybe there are significant parts of the world where this is
> extremely rare, but we shouldn't generalize too quickly.
>

There's some data that shows that this is extremely rare in general: the Rust Security Response WG analyzed the 70322 crates and found only 5 in which these codepoints were present (see [1]). That's ~0.01 %.

Moreover, such highlighting does not make the source code or text unreadable, even in those few legitimate cases.

Therefore I suggest experimenting with the attached patch for a month or so, and seeing if there are objections. I used the {left,right,up,down}wards arrows, which are visible in both GUI and TUI interfaces.

[1] https://blog.rust-lang.org/2021/11/01/cve-2021-42574.html
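The kind of codepoint scan cited in the message can be run over any source tree before deciding how often legitimate uses occur locally. The following is an added example, not part of the original message or its attached patch: it assumes the codepoints in question are the Unicode bidirectional formatting characters U+202A to U+202E and U+2066 to U+2069, and the `<NAME>` markers, the per-line "unterminated" heuristic and the sample text are constructed for illustration.

```python
# Added example: report bidirectional formatting characters in source text.
# Assumption: the relevant set is U+202A..U+202E and U+2066..U+2069.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}
# Which closing character ends each opening one (simplified pairing model).
CLOSER_FOR = {"LRE": "PDF", "RLE": "PDF", "LRO": "PDF", "RLO": "PDF",
              "LRI": "PDI", "RLI": "PDI", "FSI": "PDI"}


def scan(text):
    """Return one finding per line that contains a bidi control character."""
    findings = []
    for lineno, line in enumerate(text.split("\n"), 1):
        hits, open_stack = [], []
        for col, ch in enumerate(line, 1):
            name = BIDI_CONTROLS.get(ch)
            if name is None:
                continue
            hits.append((col, name))
            if name in CLOSER_FOR:
                open_stack.append(name)
            elif open_stack and CLOSER_FOR[open_stack[-1]] == name:
                open_stack.pop()
        if hits:
            # Render the invisible characters as visible ASCII markers.
            visible = "".join(
                "<%s>" % BIDI_CONTROLS[c] if c in BIDI_CONTROLS else c
                for c in line)
            findings.append({"line": lineno, "hits": hits,
                             "unterminated": open_stack, "visible": visible})
    return findings


# Constructed sample: line 2 leaves an override open, line 3 wraps
# right-to-left text in a balanced isolate (a legitimate use).
SAMPLE = (
    "let a = 1;\n"
    "// note \u202eabc\n"
    'let s = "\u2067\u05e9\u05dc\u05d5\u05dd\u2069";\n'
)

if __name__ == "__main__":
    for f in scan(SAMPLE):
        flag = "UNTERMINATED" if f["unterminated"] else "balanced"
        print(f["line"], flag, f["hits"], ascii(f["visible"]))
```

Lines flagged as unterminated are the ones to review first; balanced pairs around right-to-left text are the rare legitimate case discussed in the thread.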