diff --git a/src/lib/unescape.js b/src/lib/unescape.js
index a8b13cee9..feb255ac0 100644
--- a/src/lib/unescape.js
+++ b/src/lib/unescape.js
@@ -10,4 +10,7 @@ export default function unescape(str) {
     .replace(/\/g, '\\')
     .replace(/`/g, '`')
     .replace(/&/g, '&'));
+  // & replacement has to be the last one to prevent
+  // bugs with intermediate strings containing escape sequences
+  // See: https://github.com/validatorjs/validator.js/issues/1827
 }