Hello Philipp, Philipp Schafft writes: > [...] > Does it also escape '&' to '&'? Otherwise you're still open to > security problems. I also suggest to keep an eye for '<' and '>' ('<' > and '>'). > [...] Yes, `&', `<' and `>' are already escaped by escape().