Php – htmlspecialchars() default flags
https://www.php.net/manual/en/function.htmlspecialchars.php flags... The default is ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401. But then below When neither of ENT_COMPAT, ENT_QUOTES, ENT_NOQUOTES is present, the default is ENT_NOQUOTES. And indeed if you don't pass any flag all quotes are unascaped. This made me…