I would like to get your thoughts on the following issue:
I've added a note with a possible fix, but I'm not sure if we have the appropriate level of escaping or not. It looks to me like we are doing some sort of double escaping right now, but I'm not sure.
If I remember correctly the formatting logic was refactored when we introduced the MantisCoreFormatting plugin, so jreese may have some context. Given that this is an escaping issue, we should also make sure we are covered from a security perspective (dhx!).