This is the second of two bugs split-out of bug 903232. From that bug:
"This sounds like an issue that would be triggered in client tools that do not escape characters, not in Swift. Do you confirm ? If yes, then I agree with John that it sounds like an optional additional layer of security rather than a vulnerability in Swift."
I mostly agree that this should be an optional addition to Swift, and that in itself it is not a vulnerability within Swift. However, there are other circumstances where blacklisting certain characters or character ranges may be needed. For example, currently Swift allows any character for the name of an object or container, including control characters such as 0x01. When Swift outputs a container listing in XML it does so as XML 1.0 and prints out the literal character for 0x01 (start of heading). This will break nearly all XML 1.0 parsers because most control characters are not allowed in XML 1.0. See Character Ranges: http://www.w3.org/TR/REC-xml/#charsets In this example the problem isn't caused by the client but rather the output from Swift that will cause the error in the XML parser on the client. Additionally there could also be other ranges that a Swift provider may not wish to support due to back end systems or Python not being able to handler certain Unicode ranges.