>From a security standpoint, I'd hope the information is stored pre-
escaped, and that's why the API returns it that way. I'd like to offer
a +1 to liking the idea that the data I get from the API is escaped
for me.

On Jul 17, 11:27 am, Jeff Dairiki <dair...@dairiki.org> wrote:
> On Fri, Jul 17, 2009 at 07:53:27AM -0700, Bjoern wrote:
> > look for example at this:http://twitter.com/statuses/show/2689100482.json
> > My status update was "test html escaping by twitter <b>bold</b>" but
> > Twitter sends me "test html escaping by twitter &lt;b&gt;bold&lt;\/
> > b&gt;"
> > So it has transformed the "<" and "<" into HTML entities &lt; and &gt;
> > [...]
> > Hope that clarifies it?
> Yes it does.   It seems the API encodes &lt;, &gt;, &amp;, and &quot;.
> (I should have realized that was what you meant in the first place ---
> haven't had enough coffee yet this morning.)
> And I see your point.
> Though I can see the reason for the encoding.  Imagine the havoc which
> could ensue if some unknowing app developer forgets to encode texts,
> allowing nefarious parties to post raw HTML to their site via twitter.
> As you stated at the top of the thread --- it's easy enough to decode
> the entities yourself, if you want the raw text.
> Sorry for the interruption... carry on!
> Jeff

Reply via email to