diff --git a/common/utils/encode-decode.js b/common/utils/encode-decode.js index 27fe4faa5a..b63641da7a 100644 --- a/common/utils/encode-decode.js +++ b/common/utils/encode-decode.js @@ -1,46 +1,38 @@ -import flow from 'lodash/flow'; +import _ from 'lodash/fp'; // we don't store loop protect disable key -export function removeNoprotect(val) { - return val.replace(/noprotect/gi, ''); -} +export const removeNoprotect = _.replace(/noprotect/gi, ''); -export function encodeScriptTags(val) { - return val - .replace(/'); -} +export const decodeScriptTags = _.flow( + _.replace(/fccss/gi, '') +); -export function encodeFormAction(val) { - return val.replace( - // look for attributes in a form - /]*>/, - // val is the string within the opening form tag - // look for an `action` attribute, replace it with a fcc tag - val => val.replace(/action(\s*?)=/, 'fccfaa$1=') - ); -} +export const encodeFormAction = _.replace( + // look for attributes in a form + /]*>/, + // val is the string within the opening form tag + // look for an `action` attribute, replace it with a fcc tag + _.replace(/action(\s*?)=/, 'fccfaa$1=') +); -export function decodeFormAction(val) { - return val.replace( - /]*>/, - val => val.replace(/fccfaa(\s*?)=/, 'action$1=') - ); -} +export const decodeFormAction = _.replace( + /]*>/, + _.replace(/fccfaa(\s*?)=/, 'action$1=') +); -export const encodeFcc = flow([ +export const encodeFcc = _.flow( removeNoprotect, encodeFormAction, encodeScriptTags -]); +); -export const decodeFcc = flow([ +export const decodeFcc = _.flow( decodeFormAction, decodeScriptTags -]); +); diff --git a/common/utils/encode-decode.test.js b/common/utils/encode-decode.test.js new file mode 100644 index 0000000000..88071c51ae --- /dev/null +++ b/common/utils/encode-decode.test.js 
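Review bot: The form patterns carry no flags, unlike the `gi` used for `noprotect` and `fccss`, so `encodeFormAction` rewrites only the first opening form tag and only a lowercase `action`; a later form or a differently-cased attribute is stored unencoded. If this encoding is relied on to neutralise form submission in saved code, both the outer form-tag pattern and the inner one should be global and case-insensitive, e.g. `_.replace(/action(\s*?)=/gi, 'fccfaa$1=')`, with the matching change in `decodeFormAction`. The outer regex literals look truncated in this rendering, so confirm the flags against the file itself. Separately, the retained comment `// val is the string within the opening form tag` no longer has a `val` to refer to; reword it to say the inner replacer receives the matched opening tag.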
@@ -0,0 +1,70 @@ +import test from 'tape'; +import { + encodeScriptTags, + decodeScriptTags, + encodeFormAction, + decodeFormAction, + encodeFcc, + decodeFcc +} from './encode-decode.js'; + +const scriptDecoded = ` + +`; +const scriptEncoded = ` + fccssconsole.log('foo')fcces +`; +test('encodeScriptTags', t => { + t.plan(1); + t.equal( + encodeScriptTags(scriptDecoded), + scriptEncoded + ); +}); + +test('decodeScriptTags', t => { + t.plan(1); + t.equal( + decodeScriptTags(scriptEncoded), + scriptDecoded + ); +}); + +const formDecoded = ` +
foo
+`; +const formEncoded = ` +
foo
+`; + +test('encodeFormAction', t => { + t.plan(1); + t.equal( + encodeFormAction(formDecoded), + formEncoded + ); +}); + +test('decodeFormAction', t => { + t.plan(1); + t.equal( + decodeFormAction(formEncoded), + formDecoded + ); +}); + +test('encodeFcc', t => { + t.plan(1); + t.equal( + encodeFcc('//noprotect' + scriptDecoded + formDecoded), + '//' + scriptEncoded + formEncoded + ); +}); + +test('decodeFcc', t => { + t.plan(1); + t.equal( + decodeFcc(scriptEncoded + formEncoded), + scriptDecoded + formDecoded + ); +});
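Review bot: Each fixture holds a single lowercase script and form, so nothing here pins how the encoders treat repeated or mixed-case tags, and `removeNoprotect` is only exercised indirectly through `encodeFcc`. Add a fixture with two forms and an upper-case attribute so that the intended behaviour is stated explicitly rather than left to the regex flags. A round-trip assertion would also guard the encode/decode pair against drifting apart, for example `t.equal(decodeFcc(encodeFcc(scriptDecoded + formDecoded)), scriptDecoded + formDecoded);`.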