Mojira Archive
MC-254124

Resource pack fonts can exploit chat previews

The following bug has two implications, starting with the less bad one:

Letting players unknowingly send gibberish reports to Mojang:

By sending a resource pack with a font that maps random characters to your normal alphabet, you can send gibberish into public chat that only players with the resource pack see as normal words, silently breaking the reporting tool (as you don't know that the actual text you're reporting is going to be gibberish at Mojang's end).

Here's a video showcasing the applied resource pack and what chat/report windows look like with and without the font: https://youtu.be/KMfYHj2xOoI - or see the attached two images for at least a little bit of context

This is easily reproducible using https://github.com/Cubxity/obfchat-poc (it generates the resource pack and starts an only slightly modified Vanilla server with preview enabled, the resource pack set in server.properties, and the actual preview handling code; clients are Vanilla, just using the server resource pack).

=> The reporting window should use the default font to make sure you know what you're actually reporting (in a similar manner, someone could obfuscate the reporting screen in general)


Using special fonts to hide what the preview/signed text actually says

In a rather constructed scenario where you change a small number of "normal" characters in such a way that the characters of a single word map to another word in our language, a server could ask "Write down 'I love the lgbtq community' for a reward", where the individual characters in "love" map to the characters in "hate". The player with the resource pack sees "love" in the preview, but the actual signed text includes "hate". So an L is still an L, but the H is also an L in the resource pack, etc.

Not sure if that is something worth fixing given the limited and constructed scenario (obviously you have to remap at least a few characters in general, and ask a player to write something like that before they type anything else containing those characters and notice the fraud), but it is possible to abuse.

Duplicate

[Mod] Nassim Jahnke

2022-07-12, 08:22 AM

2022-07-12, 09:16 AM

2022-07-12, 09:16 AM

0

0

Unconfirmed

(Unassigned)

1.19.1 Pre-release 4

-