unescape functions
maxmeout opened this issue · 2 comments
maxmeout commented
Do you guys have any plan of including unescape/unencode functions within this library? They will be helpful in few cases (Ex: If I am encoding all my untrusted parameters within requests in my application) and need 1/2 of them to be decoded within my application for some processing before sending it to view?
jmanico commented
This is not on our roadmap. Encoding in the context of this library always provides security when used correctly. Decoding can be extremely dangerous in the content of XSS and UI security.
I am sorry for this “no” answer but we’ve discussed it before internally and agreed not to provide decoders for this library.
Respectfully,
--
Jim Manico
@manicode
… On Apr 6, 2018, at 12:58 PM, maxmeout ***@***.***> wrote:
Do you guys have any plan of including unescape/unencode functions within this library? They will be helpful in few cases (Ex: If I am encoding all my untrusted parameters within requests in my application) and need 1/2 of them to be decoded within my application for some processing before sending it to view?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
jmanico commented
We sadly do not plan to implement these features for safety reasons.