I feel like whenever I see the ampersand on this website, it’s followed with “amp;”. I’ve noticed it other places on the internet also. Why does this happen? Is it some programming thing?

Just for a test: &

  • m-p{3}@lemmy.ca
    1 year ago

    It’s because some part of the post is being sanitized to reduce the possibility of a security flaw by someone managing to type in something that could be executed by the server or your web browser in an unexpected way.

    https://github.com/LemmyNet/lemmy/blob/main/RELEASES.md#major-changes-1

    In terms of security, Lemmy now performs HTML sanitization on all messages which are submitted through the API or received via federation. Together with the tightened content-security-policy from 0.18.2, cross-site scripting attacks are now much more difficult.

    The & symbol is however incorrectly parsed by the sanitizer, which will eventually be patched by the devs.
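An added example (not from this thread and not Lemmy's code) of how escaping a message when it is submitted and then escaping it again when it is rendered makes a typed & show up as &amp;. The function names and the two-stage pipeline are assumptions for illustration, and the inputs are constructed.

```javascript
// Added illustration; names and the two-stage pipeline are assumptions, not Lemmy's code.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const UNESCAPES = Object.fromEntries(Object.entries(ESCAPES).map(([ch, ent]) => [ent, ch]));

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Decode exactly one level of entities, as a browser does when it displays text.
function browserDisplays(html) {
  return html.replace(/&(?:amp|lt|gt|quot|#39);/g, (ent) => UNESCAPES[ent]);
}

// Pipeline A: escape on submit and store the result, then escape again on render.
function renderEscapedTwice(userInput) {
  const stored = escapeHtml(userInput); // "Q&A" is stored as "Q&amp;A"
  return escapeHtml(stored);            // and is sent to the page as "Q&amp;amp;A"
}

// Pipeline B: store exactly what the user typed and escape once, at output.
function renderEscapedOnce(userInput) {
  const stored = userInput;
  return escapeHtml(stored);
}

// Constructed sample inputs: a harmless ampersand and a piece of markup.
const samples = ["Q&A", "<script>alert(1)</script>"];
for (const s of samples) {
  console.log(JSON.stringify(s));
  console.log("  escaped twice, reader sees:", browserDisplays(renderEscapedTwice(s)));
  console.log("  escaped once, reader sees: ", browserDisplays(renderEscapedOnce(s)));
}
```

Escaping once is already enough to make the markup display as inert text; the second pass adds no protection and only corrupts what the reader sees.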

  • tunawasherepoo@iusearchlinux.fyi
    1 year ago

    There’s not enough symbols on my keyboard and I want to type ¢ © ÷, so let’s invent a system so we can write them and other symbols!

    1. let’s say & means start of code
    2. and say ; means end of code
    3. Between the start and end is the code

    Now let’s make some codes

    • ¢ can be &cent;
    • © can be &copy;
    • ÷ can be &divide;

    I want to tell other people how to use our new code, but if I tell them to “just write &divide;” it’ll turn my message into “just write ÷” !! So how can we fix this?

    What if we make & its own code?

    • & —> &amp;
    • &divide; —> &amp;divide; ???

    Yes! That’ll work :)

    This is how &amp; came to be, and it’s specifically used in HTML as a way to write those symbols above (and escape a few other symbols for similar reasons we did with &)

    As for why & shows up as &amp;, there are 2 main places I can see this happening:

    1. The editor you use to write it automatically converts an & —> &amp;. But the user typed in &amp; (making it &amp;amp;). I think this is most likely. I’m guessing the title of posts automatically do the conversion, but the post body and comments do not because it uses a raw markdown editor
    2. In some contexts the & specifically doesn’t get converted? like how you can write `&` to get & as opposed to seeing