deraw, unraw, bake, cook, …
> On Oct 24, 2018, at 4:57 PM, Brian Goetz <[email protected]> wrote:
>
> Received through the suggestion box.
>
> This offers another reason why the proposed `escape()` methods are
> questionably named (in addition to it being confusing which direction is
> “escape” and which is “unescape”), which is: users could confuse it for
> something that does quoting of malicious characters.)
>
>
>
>> Begin forwarded message:
>>
>> From: Art O Cathain <[email protected] <mailto:[email protected]>>
>> Subject: JEP-326: Adding "escape()" and "unescape()" to java.lang.String
>> Date: October 24, 2018 at 3:46:06 PM EDT
>> To: [email protected]
>> <mailto:[email protected]>
>>
>> I wonder at the wisdom of adding methods with such broad names to a
>> fundamental type such as String. Developers are confused enough about
>> escaping HTML and SQL - there is danger they'll simply concatenate
>> some strings together, then call "escape()" and go home for the day,
>> thinking their code is now secure.
>>
>> Is there a more appropriate pair of names that indicates the type of
>> escaping that will be performed?
>>
>> Art O Cathain
>
