From a security standpoint, I'd hope the information is stored pre-
escaped, and that's why the API returns it that way. I'd like to offer
a +1 to liking the idea that the data I get from the API is escaped
for me.

On Jul 17, 11:27 am, Jeff Dairiki <dair...@dairiki.org> wrote:
> On Fri, Jul 17, 2009 at 07:53:27AM -0700, Bjoern wrote:
>
> > look for example at this: http://twitter.com/statuses/show/2689100482.json
>
> > My status update was "test html escaping by twitter <b>bold</b>" but
> > Twitter sends me "test html escaping by twitter &lt;b&gt;bold&lt;\/
> > b&gt;"
>
> > So it has transformed the "<" and ">" into HTML entities &lt; and &gt;
> > [...]
> > Hope that clarifies it?
>
> Yes it does.   It seems the API encodes &lt;, &gt;, &amp;, and &quot;.
> (I should have realized that was what you meant in the first place ---
> haven't had enough coffee yet this morning.)
>
> And I see your point.
>
> Though I can see the reason for the encoding.  Imagine the havoc which
> could ensue if some unknowing app developer forgets to encode texts,
> allowing nefarious parties to post raw HTML to their site via twitter.
>
> As you stated at the top of the thread --- it's easy enough to decode
> the entities yourself, if you want the raw text.
>
> Sorry for the interruption... carry on!
>
> Jeff
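
The decode-it-yourself step discussed in this thread, as an added example that is not part of the original messages: it undoes the API's four entities exactly once to get the raw text, then re-encodes for HTML output instead of relying on the upstream escaping, which per the thread does not cover the single quote. The function names, the `text` field and the sample response are assumptions constructed for illustration.

```python
import html
import json

# Constructed sample modelled on the response quoted in the thread: the
# status text arrives with < and > already entity-encoded, and JSON
# escapes the forward slash as \/.
SAMPLE_RESPONSE = r'{"text": "test html escaping by twitter &lt;b&gt;bold&lt;\/b&gt;"}'

# The four entities the thread says the API encodes. &amp; is decoded last
# so that "&amp;lt;" (assumed encoding of a user who literally typed "&lt;")
# comes back as "&lt;" and not as "<".
_API_ENTITIES = (("&lt;", "<"), ("&gt;", ">"), ("&quot;", '"'), ("&amp;", "&"))


def status_text(response_body: str) -> str:
    """Parse the JSON body; the JSON parser already turns \\/ into /."""
    return json.loads(response_body)["text"]


def raw_text(api_text: str) -> str:
    """Undo the API's entity encoding exactly once (hypothetical helper)."""
    for entity, char in _API_ENTITIES:
        api_text = api_text.replace(entity, char)
    return api_text


def for_html(api_text: str) -> str:
    """Normalise to raw text, then encode for the HTML output context.

    html.escape(quote=True) also encodes the single quote, which is not
    among the four characters the API is reported to encode.
    """
    return html.escape(raw_text(api_text), quote=True)


if __name__ == "__main__":
    text = status_text(SAMPLE_RESPONSE)
    print("from API :", text)
    print("raw text :", raw_text(text))
    print("for HTML :", for_html(text))
    # Decoding twice is the failure mode: literal "&lt;" turns into markup.
    print("decoded twice:", html.unescape(html.unescape("&amp;lt;")))
```

Use `raw_text` for plain-text sinks (logs, search indexes, character counting) and `for_html` at the point of rendering, so each value is decoded once and encoded once per output context.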
