Quoting m4dc4p <jgbailey / gmail.com>:

> I thought it was logical that if a piece of code was tainted, it
> should be HTML escaped. Unfortuntately, this was a little too
> broad and it ended up escaping some things I didn't want escaped.

Hmm, that approach makes sense, actually.  Maybe you really should
be inspecting and untainting those additional things.

-mental