But I would still never not escape the params because you don’t know how that code will change one day or where it will end up, and chances are that you won’t remember to fix it later if you don’t fix it now.
We just had a major failure at work recently because someone decided to not decode URL params and their code worked fine for years because it never mattered… until it did.
Just do it right. It’s so easy. Why risk yourself a ton of headache in the future to save you a few seconds?
We just had a major failure at work recently because someone decided to not decode URL params and their code worked fine for years because it never mattered… until it did.
Just do it right. It’s so easy. Why risk yourself a ton of headache in the future to save you a few seconds?