
Wrong usage of JS functions (Appendix: Leveraging Dev Tools - Encoding and Decoding)

Open ukusormus opened this issue 2 years ago • 1 comments

What's the issue?

In Appendix: Leveraging Dev Tools > Encoding and Decoding:

  • Suggesting use of escape() and unescape() JavaScript functions for HTML encoding/decoding, while:

    • these functions do not actually encode/decode HTML in the traditional sense (HTML entities). Actual behavior:
    > escape("<script>")
    '%3Cscript%3E'
    
    • they're deprecated. Source: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/escape
  • Suggesting use of encodeURIComponent() and decodeURIComponent() for URL encoding/decoding, while:

    • these functions are meant to encode/decode URL parameter values, not full URLs, e.g.:
    > encodeURIComponent("https://www.example.com/?key=valuew/slash")
    'https%3A%2F%2Fwww.example.com%2F%3Fkey%3Dvaluew%2Fslash'
    

How do we solve it?

ukusormus avatar Jun 22 '23 10:06 ukusormus

Thanks @ukusormus, feel up for tackling the change(s)?

> How do we solve it? Remove current form of HTML encoding/decoding. Maybe look for a better JavaScript solution or omit it entirely?

Let's omit it.

> Rename the usage of URL encode/decode to reflect that they're meant for URL parameter values, and/or add encodeURI() also. See more: When are you supposed to use escape instead of encodeURI / encodeURIComponent? - an answer on Stack Overflow

Clarify what it's meant for, and add encodeURI().

kingthorin avatar Jun 22 '23 11:06 kingthorin
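
The distinction raised in this issue, as an added example that is not part of the original thread or of the WSTG text: it runs the same inputs through `escape()`, `encodeURI()`, `encodeURIComponent()` and an HTML entity encoder in a Dev Tools console or Node. The helper names `htmlEncode`, `htmlDecode`, `buildUrl` and `compare` are hypothetical, and the inputs are constructed.

```javascript
// Added example; helper names are hypothetical and inputs are constructed.

// HTML entity encoding, which is what "HTML encoding" normally means.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function htmlEncode(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Decodes only the five entities above, in a single pass, so that
// "&amp;lt;" becomes "&lt;" and is not decoded twice into "<".
const HTML_DECODE = Object.fromEntries(
  Object.entries(HTML_ENTITIES).map(([ch, ent]) => [ent, ch])
);
function htmlDecode(text) {
  return String(text).replace(/&(?:amp|lt|gt|quot|#39);/g, (ent) => HTML_DECODE[ent]);
}

// encodeURIComponent() is applied to each parameter name and value,
// never to the URL as a whole.
function buildUrl(base, params) {
  const query = Object.entries(params)
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join("&");
  return query ? `${base}?${query}` : base;
}

// Runs one input through all four encoders for side-by-side comparison.
function compare(input) {
  return {
    escape: escape(input),                         // deprecated, not UTF-8 based
    encodeURI: encodeURI(input),                   // keeps : / ? = & intact
    encodeURIComponent: encodeURIComponent(input), // encodes URL delimiters too
    htmlEncode: htmlEncode(input),                 // HTML entities
  };
}

const fullUrl = "https://www.example.com/?key=valuew/slash";
console.log(compare("<script>"));  // percent-encoding vs. &lt;script&gt;
console.log(compare(fullUrl));     // encodeURI leaves the URL usable
console.log(compare("café €"));    // escape(): %E9 and %u20AC, not UTF-8 bytes
console.log(buildUrl("https://www.example.com/", { key: "valuew/slash", q: "a&b=c" }));
```

The non-ASCII case is the practical reason to avoid `escape()`: its `%E9` and `%u20AC` output is not the UTF-8 percent-encoding that `decodeURIComponent()` and servers expect.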