Denis Barbier said:
> On Tue, Apr 15, 2003 at 06:56:23PM +0200, Frank Lichtenheld wrote:
> > I think, the solution presented by Andrew Shugg in #186740 is the
> > right way to go.
>
> Nope, ampersands must be escaped, period.
> Example:
>   Description: escape HTML special characters in plain text
>    EscapeHTML converts all &, < and > characters into &amp;, &lt; and
>    &gt;.
>
> There is no case where they must not be escaped.
>
> Denis

That's right, and the solution I proposed (to 'normalise' the entities, is that the right word?) will do that.

To clarify what I outlined in #186740, if you were to start with this sort of string:

  &foo blah & <url>

you would end up with this in the HTML:

  &foo blah & <url>

which would be rendered in the browser (ie entities decoded) like this:

  &foo blah & <url>

The last line is what we _see_, but the second last line is what is actually in the HTML. I'm not sure I described it clearly enough in #186740, sorry.

Valid HTML entities will be normalised, everything else will be preserved.

Andrew.

-- 
Andrew Shugg <[EMAIL PROTECTED]> http://www.neep.com.au/

"Just remember, Mr Fawlty, there's always someone worse off than yourself."
"Is there? Well I'd like to meet him. I could do with a good laugh."
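
The two approaches discussed in this thread, side by side, as an added example that is not code from the thread or from #186740. The function names and the sample string are constructed for illustration; "valid entity" is assumed here to mean a semicolon-terminated numeric reference or a name defined by HTML5.

```python
import html
import re
from html.entities import html5

# Semicolon-terminated references only: &name;  &#60;  &#x3c;
_REF = re.compile(r"&(#[0-9]+|#[xX][0-9a-fA-F]+|[A-Za-z][A-Za-z0-9]*);")


def _decode_valid(match):
    """Decode one reference if it is valid, otherwise return it unchanged."""
    body = match.group(1)
    if body.startswith("#"):
        return html.unescape(match.group(0))
    # Named reference: decode only names HTML5 defines (e.g. "amp;"),
    # so a stray "&foo;" is preserved as literal text.
    return html5.get(body + ";", match.group(0))


def escape_always(text):
    """Treat the input as plain text and escape every &, < and >."""
    return html.escape(text, quote=False)


def normalise_then_escape(text):
    """Decode valid entities first, then escape every &, < and >."""
    return html.escape(_REF.sub(_decode_valid, text), quote=False)


def rendered(markup):
    """What a browser would display for the given markup (entities decoded)."""
    return html.unescape(markup)


# Constructed sample: an invalid "&foo", a valid "&amp;" and raw angle brackets.
SAMPLE = "&foo blah &amp; <url>"

if __name__ == "__main__":
    for fn in (escape_always, normalise_then_escape):
        out = fn(SAMPLE)
        print(f"{fn.__name__:22} html: {out!r}  seen: {rendered(out)!r}")
```

Both functions emit markup with no raw `<`, `>` or bare `&`. They differ only in what the reader sees: `escape_always` displays the input byte for byte, while `normalise_then_escape` displays an existing `&amp;` as `&`.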