Alessandro Vesely writes:
E.g. checking &xxx entities terminate with `;'? But there's no _hot_ security concern, is there?
Just being proactive here -- in case MSIE, or something else, misparses it in a way that could be exploited:
&foo<script>...
