If you’re writing code to filter them out, you could just as well escape them. No, the main reason is because the programmer is using some built-in function of their toolkit or library and just settling for what they offer instead of finding a better method or rolling their own. This is also a warning sign, for if they can’t be bothered to ensure good security practices on the character set, you have to wonder what else they’ve skimped on, like encryption of the password.
If I had to guess it probably has something to do with various keyboards especially in different countries. It might be easy to type $ for us, but £ or is more work. Macs allow these with the option and option shift keys pressed while windows users need to know the unicode representation to generate these. Imagine being at a different keyboard or in a different country and having to hunt down all the characters to login cause you cant figure out how to get the keyboard to generate these characters.
Pending on what you are doing with the characters…escaping them may not be what’s needed. Dealing with things like our active directory authentication service requires that the non “web-safe” characters be URL encoded. Perhaps that’s what you meant anyway. When I think of “escaping characters” if think of the typical shell “” escape character.
Windows has the AltGraph key (right alt) that generates all sorts of alternate characters, just like Option on a Mac, and extra luxury, most PC keyboards are engraved with these.
That said, I have traveled enough to experience quite a few different keyboards, and sometimes even the simple ABC can be a challenge
You are right. “Escape” has a specific connotation to the Linux and Mac path. At any rate, even through Base64 or prepared statement, it is not so difficult to let the user employ whatever characters he wants and record them in a database.