Here’s some info about this vulnerability:
- https://www.trojansource.codes/
- ‘Trojan Source’ Bug Threatens the Security of All Code – Krebs on Security
The Rust compiler and GHC have responded by emitting warnings when the problematic “bidirectional override” Unicode codepoints are encountered. (See Security advisory for rustc (CVE-2021-42574) | Rust Blog and Warn if unicode bidirectional formatting characters are found in the source (#20263) (!6736) · Merge requests · Glasgow Haskell Compiler / GHC · GitLab).
I haven’t actually checked whether Dhall implementations are affected, but it seems likely that they are. Maybe they should include similar mitigations as rustc and GHC do?!