JEP-326: Adding "escape()" and "unescape()" to java.lang.String
Art O Cathain
art.home at gmail.com
Wed Oct 24 19:46:06 UTC 2018
I wonder at the wisdom of adding methods with such broad names to a
fundamental type such as String. Developers are confused enough about
escaping HTML and SQL - there is danger they'll simply concatenate
some strings together, then call "escape()" and go home for the day,
thinking their code is now secure.
Is there a more appropriate pair of names that indicates the type of
escaping that will be performed?
Art O Cathain