I just kludged in some code to escape some special characters from the bracket submission page.
However, it doesn't escape all characters and on some pages, it shows the backslashes on displayed text.
Thus, we need to fix the submission and display of special characters everywhere.
It would be nice to have a consistent, app-wide way to handle this.
The app is probably vulnerable to sql injection attacks.