Is user.description supposed to be html escaped or not?


Twitter seems to perform some bizarre set of case logic on user.description. For example it allows “&” and “&amp;” but strips “<”.

However a raw “&” in the description gets translated on into an html-escaped proper “&amp;”, whereas “&amp;” stays as “&amp;” and so both display on the webpage as simply “&”.

So, if it’s some hybrid of html-escaped and raw characters, what is the rule set for turning user.description into proper HTML?


Weird. This very forum seems to have a similar set of strange rules. I had to go back in my post and edit it to change “&amp;” to “&amp;amp;” to get it to properly display on the screen as “&amp;”.