{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreic5iedxe7q3e4puf3nfke7kk6zjny6tomr3663tysvybwrnotc6ya",
    "uri": "at://did:plc:ivbknywyskln22er3nkssdhl/app.bsky.feed.post/3mgswuqcke7b2"
  },
  "path": "/t/stop-including-string-content-in-index-panics/24067#post_9",
  "publishedAt": "2026-03-11T19:22:20.000Z",
  "site": "https://internals.rust-lang.org",
  "tags": [
    "appears to print those both literally"
  ],
  "textContent": "Elaborating on this point…\n\nThere have been cases in the past where printing specific strings has been a way to trigger security vulnerabilities. Most commonly this includes terminal control characters like U+001B and U+009B, and Rust appears to print those both literally at present when a string operation produces a panic. (My browser shows U+001B visibly and has no visible rendering for U+009B, but I was able to copy-and-paste it.)\n\nNormally this is considered a security problem in the terminal that's displaying the panic message, rather than in the program that writes the message, so technically speaking this isn't a vulnerability in Rust. I can imagine scenarios where it could be a problem, though (e.g. if you can put terminal control codes into a panic message you can embed links into it, and there are a number of ways that that could go wrong, especially given that there's a plausible chance that such a string could be attacker-controlled).\n\nAs such, even if we aren't removing the string fragment from the panic message, we should _at least_ be `Debug`-escaping it to avoid it being misinterpreted by terminals that might display the message.",
  "title": "Stop including string content in index panics?"
}