Hello,
I've got two questions:
1. why is there somewhere `foo asJavascript` and somewhere literally `nextPutAll: 'unescape("', foo escaped, '")'` when it more or less does the same (and `asJavascript` in safe cases eschews unescape call completely)? Could there not be `asJavascript` everywhere? (I tried, and it worked for me).
2. could it be possible to take away unescape completely? I tried this: instead of
`"unescape(\"" + escape(foo) + "\")"`
I used
`"\"" + escape(foo).replace(/%u/g, "<a href="smb://u">\\u").replace(/%/g, "<a href="smb://x">\\x") + "\""`
So instead of a call to unescape, this produced literal JS string with \x and \u escaped chars inside.
Is this unsafe in a way I don't see (I tried, again, and for me it worked)?
Herby
P.S.: Even if in microbenchmarks unescape is monstrously slow in comparision with literal strings, in real world I did not see any noticeable gain in speed when tried 2. from above; maybe there was a gain, but small (`asJavascript` saves a lot of cases, so there is probably little percentage of real unescape calls during runtime).
Locked
