Unexpected behaviour of topydo when tasks contain backslashes

[Ekleog]

topydo passes TODO texts as the repl argument of re.sub unchanged at topydo/lib/ListFormat.py:291.

If an issue contains a backslash, it is thus interpreted as an escape: an issue containing foo \t bar will output only foo.

This can also lead to crashing topydo: foo \g<t> bar will trigger a crash

This, finally, also means that the TODO task can output whatever bytes it wants to the terminal without any check from topydo, thus potentially opening way to exploiting a flaw in the terminal's escape code handling from an untrusted todo.txt files (eg. automatically generated from untrusted sources, like code). (the attack path here looks rather narrow to me, though):
foo \046 bar outputs foo & bar
foo \033[5m bar makes bar blink
\033[1A you didn't see this erases the previous TODO on the list (in topydo ls output) and replaces it by “you didn't see this”
etc.

[MinchinWeb]

This has been issues a CVE, and may be worthwhile to fix for that reason alone... https://nvd.nist.gov/vuln/detail/CVE-2018-1000523