Fair enough. It's funny how angry I get when I think of someone needing an "escape_once" function or "is_serialized". I think this discussion might have to become part of my interview process, because if someone doesn't understand the absolute undeniable terribleness of trying to determine if a string has been escaped or serialized by inspecting its contents, then I really don't want them in my code.
Ruby on Rails has such ugliness too, a view helper called "escape_once": http://api.rubyonrails.org/classes/ActionView/Helpers/TagHel...
What's crazy is that I can't even find an "escape" helper. Ho it's called html_escape. Ho and there is a html_escape_once too!
Python Django too: https://docs.djangoproject.com/en/dev/ref/utils/#django.util...