https://securelist.com/zero-day-vulnerability-in-telegram/83800/
You could disallow these characters in filenames, but when filename handling is charset-agnostic due to the extended-ascii principle this is impractical. I think a better solution is to specify a visible form of these characters to be used (e.g. through otf font variants) when security is of importance.
