On 22/11/2007, Steve Bennett <stevagewp(a)gmail.com> wrote:
On 11/22/07, Mark Clements
<gmane(a)kennel17.co.uk> wrote:
I think he means pass the contents of
<nowiki> through htmlspecialchars()
before outputting.
Yes, but all that is assuming the <nowiki> is not embedded inside
anything else.
No, it doesn't. You just replace "<" and ">" with
"<" and ">".
You don't need to escape the code inside, just escape the <script>
tags and you're sorted.