This vulnerability wouldn't be a problem if every editor (and diff viewer) came with something like [0] as standard. CI pipelines should probably also include an equivalent step.

[0] https://atom.io/packages/highlight-bad-chars