Hacker News new | past | comments | ask | show | jobs | submit login

My favorite instance of this was Mailgun, who html encoded the apostrophe, and then html encoded the resulting text.

O'Bryant -> O'Bryant -> O'Bryant (screenshot: https://twitter.com/obryant666/status/1163638029212250112/ph...)




Deep sigh: ' is not a special character in email addresses or headers so it can support names like yours without special effort.


I think a lot of those writing software just escape [^a-zA-Z0-9-_\.] or similar just to be overly cautious. I've definitely been guilty of this myself when I'm in a rush.

I'm also the person who gets irrationally annoyed at web forms that barf at my username+tag@example.com email address usage (+ signs being valid in the username part), so I can certainly relate to the ire, too.


It's a special character in HTML, which is the context in which the name is being shown. The fact that it's escaped before being concatenated into the HTML document is fine; the fact that it's triple-escaped is the problem.


Apostrophed person here. This happens SO often.




Applications are open for YC Summer 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: