Hi there,

I just wonder why `StringEscapeUtils.escapeEcmaScript` also includes 
`JavaUnicodeEscaper`? Is it really its business? The problem is that when we 
use it to prevent script injection by users, it also replaces the Unicode 
characters in the user's input with "\u" escapes, which cannot be deduced 
from the `escapeEcmaScript` term.

Another thing is, it replaces e.g. '<' with '&lt;' (HTML/XML escape) but 
replaces Unicode with '\u....' rather than '&#'?

And finally, just out of curiosity, why does `ESCAPE_ECMASCRIPT` not include 
`OctalUnescaper` but `UNESCAPE_ECMASCRIPT = UNESCAPE_JAVA` does?

Thanks in advance!
