
It still means I'm sending potentially sensitive data (idk, passwords) to a server I don't own. There is no way I can trust GitHub on this. Would there be a less-than-hacky way than regexing the URL? A way to let it redirect to a self-hosted version of the GitHub page, for example? Shouldn't be too hard to add and would solve OP's concerns.



The `reactProdInvariant` function [1] does the URL encoding job and the decoder on our documentation page is just a React component [2]. I totally understand your concern and for now you can simply edit the `reactProdInvariant` function to fit your needs.

[1] https://github.com/facebook/react/blob/master/src/shared/uti...

[2] https://github.com/facebook/react/blob/master/docs/_js/Error...


> It still means I'm sending potentially sensitive data (idk, passwords) to a server I don't own

Not sure if you missed spicyj's point or are arguing that you yourself might not notice the sensitive data in the URL.

If you - as the developer - need to inquire more about the error (say after reproducing it on production), you copy and paste the error url and remove the sensitive data before going to said url.


What about using the hash part of the URL (#) instead of the query part (?)? That doesn't get sent to the server. Although you still have to trust that a script on the page isn't reading that information and shuttling it off somewhere else--but then, you're already trusting Facebook code anyway.
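
As an added illustration of the query-versus-fragment question discussed in this thread (not part of any comment and not React's code): the sketch below builds a decoder link both ways, shows which part reaches the server, and automates the manual redaction step. The base URL, the parameter names `invariant` and `args[]`, and all function names are assumptions made for the example.

```javascript
// Added example. Placeholder host; could equally be a self-hosted decoder page.
const DECODER_BASE = 'https://docs.example.invalid/error-decoder.html';

// Build a decoder link with the error code and arguments in the query (?)
// or in the fragment (#).
function buildErrorUrl(code, args, { base = DECODER_BASE, useFragment = false } = {}) {
  const params = new URLSearchParams();
  params.append('invariant', String(code));   // assumed parameter name
  for (const a of args) params.append('args[]', String(a)); // assumed name
  const url = new URL(base);
  if (useFragment) url.hash = params.toString();
  else url.search = params.toString();
  return url.href;
}

// What an HTTP client sends in the request line: path plus query.
// The fragment stays in the browser and never appears in server logs.
function requestTarget(href) {
  const u = new URL(href);
  return u.pathname + u.search;
}

// Script on the decoder page can read either form, so the fragment variant
// still requires trusting the code that page loads.
function readArgs(href) {
  const u = new URL(href);
  const raw = u.hash ? u.hash.slice(1) : u.search.slice(1);
  const p = new URLSearchParams(raw);
  return { code: p.get('invariant'), args: p.getAll('args[]') };
}

// Replace selected argument positions before opening the link.
function redactArgs(href, positions, marker = 'REDACTED') {
  const { code, args } = readArgs(href);
  const cleaned = args.map((a, i) => (positions.includes(i) ? marker : a));
  const useFragment = new URL(href).hash !== '';
  return buildErrorUrl(code, cleaned, { base: href.split(/[?#]/)[0], useFragment });
}

// Constructed sample: one harmless argument and one secret-looking argument.
const SAMPLE_ARGS = ['LoginForm', 'hunter2-constructed'];
const viaQuery = buildErrorUrl(42, SAMPLE_ARGS);
const viaFragment = buildErrorUrl(42, SAMPLE_ARGS, { useFragment: true });
console.log(requestTarget(viaQuery));     // includes the arguments
console.log(requestTarget(viaFragment));  // path only
console.log(redactArgs(viaQuery, [1]));
```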



