
Stop including string content in index panics?

Rust Internals [Unofficial] March 11, 2026

Elaborating on this point…

There have been cases in the past where printing specific strings has been a way to trigger security vulnerabilities. Most commonly this includes terminal control characters like U+001B and U+009B, and Rust appears to print those both literally at present when a string operation produces a panic. (My browser shows U+001B visibly and has no visible rendering for U+009B, but I was able to copy-and-paste it.)

Normally this is considered a security problem in the terminal that's displaying the panic message, rather than in the program that writes the message, so technically speaking this isn't a vulnerability in Rust. I can imagine scenarios where it could be a problem, though (e.g. if you can put terminal control codes into a panic message you can embed links into it, and there are a number of ways that that could go wrong, especially given that there's a plausible chance that such a string could be attacker-controlled).

As such, even if we aren't removing the string fragment from the panic message, we should at least be Debug-escaping it to avoid it being misinterpreted by terminals that might display the message.
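Added example, not part of the thread or of std: it captures the message a str slice panic carries today for a constructed string containing ESC (U+001B) and CSI (U+009B), and compares it with a hypothetical Debug-escaped variant (`hardened_slice_message` is an assumed helper, not std's real message text).

```rust
use std::panic;
use std::sync::Once;

/// Constructed sample: a string that ends up in a panic path and carries
/// an SGR sequence (ESC, U+001B) and a bare C1 CSI (U+009B), then 'é'.
const TAINTED: &str = "user: \u{1b}[31mred\u{1b}[0m \u{9b}0m é";

/// Index chosen to land inside the two-byte 'é' at the end, so slicing
/// panics with a "not a char boundary" message.
fn bad_index() -> usize {
    TAINTED.len() - 1
}

/// Slice with a bad index and return the panic message std produces today
/// (it embeds the raw string, control characters included, in backticks).
fn capture_slice_panic(s: &'static str, idx: usize) -> String {
    static SILENCE: Once = Once::new();
    // Keep the default hook from printing the raw message to stderr here.
    SILENCE.call_once(|| panic::set_hook(Box::new(|_| {})));
    let payload = panic::catch_unwind(move || s[..idx].len())
        .expect_err("slicing at a non-boundary must panic");
    payload
        .downcast_ref::<String>()
        .cloned()
        .or_else(|| payload.downcast_ref::<&str>().map(|m| m.to_string()))
        .unwrap_or_default()
}

/// True if any C0/C1 control character (ESC, CSI, ...) would reach the
/// terminal unescaped when this message is printed.
fn contains_terminal_control(msg: &str) -> bool {
    msg.chars().any(char::is_control)
}

/// Hypothetical hardened message: same information, but the fragment is
/// Debug-escaped, so controls become visible `\u{..}` escapes.
fn hardened_slice_message(s: &str, idx: usize) -> String {
    format!("byte index {} is not a char boundary of {:?}", idx, s)
}

fn main() {
    let raw = capture_slice_panic(TAINTED, bad_index());
    let safe = hardened_slice_message(TAINTED, bad_index());
    println!("raw message leaks controls: {}", contains_terminal_control(&raw));
    println!("hardened message leaks controls: {}", contains_terminal_control(&safe));
    println!("hardened: {safe}");
}
```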
