On 22/11/2007, Steve Bennett stevagewp@gmail.com wrote:
On 11/22/07, Mark Clements gmane@kennel17.co.uk wrote:
I think he means pass the contents of <nowiki> through htmlspecialchars() before outputting.
Yes, but all that is assuming the <nowiki> is not embedded inside anything else.
No, it doesn't. You just replace "<" and ">" with "&lt;" and "&gt;". You don't need to escape the code inside, just escape the <script> tags and you're sorted.
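
Added example, not part of the original thread and not MediaWiki's parser code: it runs the two escaping approaches discussed above over `<nowiki>` content that sits in element text and inside an attribute value. The function names, the regex-based extraction and both sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not MediaWiki's own functions.

// The approach from the reply: rewrite only the angle brackets.
function escapeAnglesOnly(string $s): string {
    return str_replace(['<', '>'], ['&lt;', '&gt;'], $s);
}

// htmlspecialchars() with ENT_QUOTES also rewrites &, " and '.
function escapeFull(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Replace each <nowiki>...</nowiki> span with its escaped contents.
// Simplified extraction for the demo; a real parser does much more.
function renderNowiki(string $wikitext, callable $escape): string {
    return preg_replace_callback(
        '~<nowiki>(.*?)</nowiki>~s',
        fn(array $m): string => $escape($m[1]),
        $wikitext
    );
}

// Constructed sample inputs: nowiki in element text, then nowiki
// embedded inside an attribute value.
$inBody = 'Text <nowiki><script>alert(1)</script> &amp; more</nowiki> end';
$inAttr = '<span title="<nowiki>x" data-injected="1</nowiki>">label</span>';

foreach (['escapeAnglesOnly', 'escapeFull'] as $fn) {
    echo "== $fn ==\n";
    echo renderNowiki($inBody, $fn), "\n";
    echo renderNowiki($inAttr, $fn), "\n";
}
```

In the attribute case the brackets-only version leaves the double quote untouched, so the nowiki text closes `title` early and contributes an attribute of its own; it also leaves `&amp;` as typed, so a browser shows `&` rather than the literal text.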