HTML escaping of database content
Brought to you by:
jromaine
Currently, the content retrieved from the database is not
HTML escaped before being used in HTML pages.
Consequently, syntactically significant characters such
as the double quote will be rendered as is, creating
malformed HTML. Note that a solution should be
implemented which can be utilized across the many
pages of the application.
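
One way to centralize the escaping so every page gets it by default, as an added example that is not part of the original ticket or the project's code. The ticket does not name the application's language, so Python is an assumption here, and `SafeHtml`, `escape`, `render`, `PAGE` and the sample row are hypothetical names and constructed data.

```python
import html
from string import Template


class SafeHtml(str):
    """Marks text that is already escaped markup and must not be escaped again."""


def escape(value):
    """Escape one database value for HTML text and quoted-attribute contexts."""
    if isinstance(value, SafeHtml):
        return value                      # already escaped by an earlier render()
    if value is None:
        return SafeHtml("")               # NULL column renders as empty, not "None"
    # quote=True also converts " and ', which is what breaks attribute values
    return SafeHtml(html.escape(str(value), quote=True))


def render(template, **fields):
    """Shared page helper: fill $placeholders, escaping every field by default."""
    escaped = {name: escape(value) for name, value in fields.items()}
    return SafeHtml(Template(template).substitute(escaped))


# Constructed sample row, standing in for content retrieved from the database.
ROW = {"name": '12" monitor & stand', "note": None}

# Hypothetical page fragment with a quoted attribute and a text cell.
PAGE = '<input type="text" name="name" value="$name"> <td>$note</td>'


def unescaped_page(row):
    """Current behaviour described in the ticket: values inserted as is."""
    raw = {k: "" if v is None else v for k, v in row.items()}
    return Template(PAGE).substitute(raw)


def escaped_page(row):
    """Same page built through the shared helper."""
    return render(PAGE, **row)


if __name__ == "__main__":
    print(unescaped_page(ROW))  # attribute is cut off at the embedded quote
    print(escaped_page(ROW))    # quote and ampersand arrive as entities
```

Because `render` returns `SafeHtml`, a fragment built by one call can be passed as a field to another without being escaped twice.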