I feel like whenever I see the ampersand on this website, it’s followed with “amp;”. I’ve noticed it other places on the internet also. Why does this happen? Is it some programming thing?

Just for a test: &

  • m-p{3}@lemmy.caEnglish
    22·
    11 months ago

    It’s because some part of the post is being sanitized to reduce the possibility of a security flaw by someone managing to type in something that could be executed by the server or your web browser in an unexpected way.

    https://github.com/LemmyNet/lemmy/blob/main/RELEASES.md#major-changes-1

    In terms of security, Lemmy now performs HTML sanitization on all messages which are submitted through the API or received via federation. Together with the tightened content-security-policy from 0.18.2, cross-site scripting attacks are now much more difficult.

    The & symbol is however incorrectly parsed by the sanitizer, which will eventually be patched by the devs.