JEP-326: Adding "escape()" and "unescape()" to java.lang.String

Jim Laskey james.laskey at
Wed Oct 24 21:20:46 UTC 2018

deraw, unraw, bake, cook, …

> On Oct 24, 2018, at 4:57 PM, Brian Goetz <brian.goetz at> wrote:
> Received through the suggestion box.  
> This offers another reason why the proposed `escape()` methods are questionably named (in addition to it being confusing which direction is “escape” and which is “unescape”), which is: users could confuse it for something that does quoting of malicious characters.)  
>> Begin forwarded message:
>> From: Art O Cathain <art.home at <mailto:art.home at>>
>> Subject: JEP-326: Adding "escape()" and "unescape()" to java.lang.String
>> Date: October 24, 2018 at 3:46:06 PM EDT
>> To: amber-spec-comments at <mailto:amber-spec-comments at>
>> I wonder at the wisdom of adding methods with such broad names to a
>> fundamental type such as String. Developers are confused enough about
>> escaping HTML and SQL - there is danger they'll simply concatenate
>> some strings together, then call "escape()" and go home for the day,
>> thinking their code is now secure.
>> Is there a more appropriate pair of names that indicates the type of
>> escaping that will be performed?
>> Art O Cathain

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the amber-spec-experts mailing list