I looked at the diff, it’s around 100 lines of new code and a few hundred lines of comments and tests.
I couldn’t have written it, but there are many smarter people that fixed it after they learned of the problem.
What also made it easier to fix is that they (sensibly) chose to error on certain strings that can’t be escaped safely.
It’s not a proper fix, there are still cases when correct escaping is impossible and the function simply returns a error. I don"t know if if this possible at all to escape any string or if it is just because of lack of documentation, but anyway i wouldn’t call this a thing that is easy to fix.
But it’s not. Have you read the article?
I looked at the diff, it’s around 100 lines of new code and a few hundred lines of comments and tests.
I couldn’t have written it, but there are many smarter people that fixed it after they learned of the problem.
What also made it easier to fix is that they (sensibly) chose to error on certain strings that can’t be escaped safely.
It’s not a proper fix, there are still cases when correct escaping is impossible and the function simply returns a error. I don"t know if if this possible at all to escape any string or if it is just because of lack of documentation, but anyway i wouldn’t call this a thing that is easy to fix.