unescaped
Unescaped refers to characters or strings that have not been modified by an escape sequence. In computing, escaping is the process of prefixing a character with another, often a backslash (\), a percent sign (%), or similar, to indicate that it should be treated literally rather than interpreted according to its usual syntax. When data remains unescaped, the software that processes it may interpret special characters as control instructions, which can lead to errors, incorrect parsing, or security vulnerabilities.
In programming and scripting, unescaped input is a common source of injection attacks. For example, an SQL
Different languages and data formats provide standard escaping mechanisms. In many programming languages, a backslash escapes
Best practices advise performing escaping at the boundary where untrusted data enters a system—either before incorporating
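
The following Python sketch is an added example, not part of the original entry. It passes constructed sample values into three contexts (an SQL statement, a URL query string and an HTML fragment), once unescaped and once through that context's standard mechanism. The table, function names and sample values are assumptions made for illustration, and the SQL case uses bound parameters, the usual alternative to escaping by hand.

```python
import html
import sqlite3
from urllib.parse import parse_qs, quote


def lookup(name, parameterized):
    """Look up a user by name in a throwaway in-memory table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    if parameterized:
        # The driver keeps the value separate from the statement text.
        sql, args = "SELECT name FROM users WHERE name = ? ORDER BY name", (name,)
    else:
        # Unescaped: a quote inside `name` ends the string literal early,
        # so the rest of the value is parsed as SQL syntax.
        sql, args = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name", ()
    rows = db.execute(sql, args).fetchall()
    db.close()
    return [row[0] for row in rows]


def query_params(value, escape):
    """Place `value` in a query string and parse it back the way a server would."""
    encoded = quote(value, safe="") if escape else value  # percent-encoding
    return parse_qs("q=" + encoded + "&page=1")


def render(comment, escape):
    """Place `comment` inside an HTML paragraph."""
    body = html.escape(comment) if escape else comment  # & < > " ' become entities
    return "<p>" + body + "</p>"


if __name__ == "__main__":
    sample_sql = "x' OR '1'='1"    # constructed sample values
    sample_url = "salt&pepper=1"
    sample_html = "<b>hi</b>"
    print(lookup(sample_sql, parameterized=False))  # condition rewritten by the input
    print(lookup(sample_sql, parameterized=True))   # value compared literally
    print(query_params(sample_url, escape=False))   # value splits into two parameters
    print(query_params(sample_url, escape=True))    # value stays one parameter
    print(render(sample_html, escape=False))        # markup is interpreted
    print(render(sample_html, escape=True))         # markup is shown as text
```

Each context needs its own mechanism: percent-encoding does nothing for an SQL string literal, and HTML entities do nothing for a URL.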