* Page descriptions in the HTML `<head>` were previously double-escaped:
the description was stored escaped with numeric entities, then that was
output with a second layer of escaping! In this branch, I just emit
* Page descriptions in the HTML `<head>` were previously double-escaped:
the description was stored escaped with numeric entities, then that was
output with a second layer of escaping! In this branch, I just emit
contained markup could appear unescaped on any page that inlines them
in `quick=yes` mode, and is rebuilt for some other reason. The failure
mode here would be too little escaping, i.e. cross-site scripting.
contained markup could appear unescaped on any page that inlines them
in `quick=yes` mode, and is rebuilt for some other reason. The failure
mode here would be too little escaping, i.e. cross-site scripting.