Hi, probably it is too late to change it now, but someone has to say it: I think it is the wrong approach to do HTML escaping in the API on the Twitter side. For starters, not every consumer is a Website. Secondly, even if I am a website, now I have to rely on Twitter getting the escaping right.
I'd much rather rely on my own HTML escaping algorithm, and get the data in pure form without assumptions about it's use. It should be a natural reflex for web developers to escape everything, so to put the Twitter data on my website without escaping it leaves with a very uneasy feeling (my nervous systems wants to escape the strings). The workaround is to first unescape the HTML and then escape it again, I suppose? I haven't thought it through 100% to see if that would be a fail-save approach. I just noticed that for example bit.ly is bitten by this, they seem to escape the data from Twitter, so that the text comes out ugly on their webseite. Björn