

Ask PG: Why is HTML-like text stripped from titles? Why can't be used? - TazeTSchnitzel

The title was &quot;Ask PG: Why is HTML-like text stripped from titles? Why can&#x27;t &lt;angle brackets&gt; be used?&quot;, but the &quot;&lt;angle brackets&gt;&quot; bit was were stripped, so I had to rewrite it without it.
======
YoAdrian
Odds are, it's to avoid Cross Site Scripting attacks.

[http://en.wikipedia.org/wiki/Cross-
site_scripting](http://en.wikipedia.org/wiki/Cross-site_scripting)
[https://www.owasp.org/index.php/Cross-
site_Scripting_(XSS)](https://www.owasp.org/index.php/Cross-
site_Scripting_\(XSS\))

~~~
TazeTSchnitzel
That makes no sense. It is trivial to use HTML entities (&lt; and &gt;) here.
In fact, I think this is already done for comments.

Test: <>

Edit:

    
    
      <p>Test: &lt;&gt;</font></span>
    

Yep.

------
minimaxir
Why would you want to use HTML-like text in titles anyways?

~~~
TazeTSchnitzel
HTML itself is unusual, but > and < do appear sometimes, and the fact they're
stripped can make titles cease to make sense.

~~~
minimaxir
We have three other types of brackets in standard ASCII that you can use for
the same purpose within a headline. :P

~~~
TazeTSchnitzel
And then there are titles like "70 Unique Ways to Encode ＜" which have to use
a unicode workaround:
[https://news.ycombinator.com/item?id=6864186](https://news.ycombinator.com/item?id=6864186)

