Antone Roundy wrote:
Converting & to & and < to < is sufficient
People keep missing this so I'm going to point it out one more time: there are certain rare circumstances when a right angle bracket (>) MUST be escaped so if you're just doing ampersands and left angle brackets that WON'T always be sufficient. To be safe it's best to always encode all three.
As for CDATA sections, it's worth noting that you wouldn't have been able to syndicate this message thread if you always escaped everything with CDATA.
Regards James
