Received through the suggestion box. This offers another reason why the proposed `escape()` methods are questionably named (in addition to it being confusing which direction is “escape” and which is “unescape”), which is: users could confuse it for something that does quoting of malicious characters.
> Begin forwarded message:
>
> From: Art O Cathain <art.h...@gmail.com>
> Subject: JEP-326: Adding "escape()" and "unescape()" to java.lang.String
> Date: October 24, 2018 at 3:46:06 PM EDT
> To: amber-spec-comme...@openjdk.java.net
>
> I wonder at the wisdom of adding methods with such broad names to a
> fundamental type such as String. Developers are confused enough about
> escaping HTML and SQL - there is danger they'll simply concatenate
> some strings together, then call "escape()" and go home for the day,
> thinking their code is now secure.
>
> Is there a more appropriate pair of names that indicates the type of
> escaping that will be performed?
>
> Art O Cathain