I feel like whenever I see the ampersand on this website, it’s followed with “amp;”. I’ve noticed it other places on the internet also. Why does this happen? Is it some programming thing?
Just for a test: &
There’s not enough symbols on my keyboard and I want to type ¢ © ÷, so let’s invent a system so we can write them and other symbols!
- lets say & means start of code
- and say ; means end of code
- Between the start and end is the code
Now let’s make some codes
- ¢ can be ¢
- © can be ©
- ÷ can be ÷
I want to tell other people how to use our new code, but if I tell them to “just write ÷” it’ll turn my message into “just write ÷” !! So how can we fix this?
What if we make & its own code?
- & —> &
- ÷ —> ÷ ???
Yes! That’ll work :)
This is how & came to be, and it’s specifically used in HTML as a way to write those symbols above (and escape other a few other symbols for similar reasons we did with &)
As for why & shows up as &, there are 2 main places I can see this happening:
- The editor you use to write it automatically converts an & —> &. But the user typed in & (making it &). I think this is most likely. I’m guessing the title of posts automatically do the conversion, but the post body and comments do not because it uses a raw markdown editor
- In some contexts the & specifically doesn’t get converted? like how you can write `&` to get
&as opposed to seeing&
It’s because some part of the post is being sanitized to reduce the possibility of a security flaw by someone managing to type in something that could be executed by the server or your web browser in an unexpected way.
https://github.com/LemmyNet/lemmy/blob/main/RELEASES.md#major-changes-1
In terms of security, Lemmy now performs HTML sanitization on all messages which are submitted through the API or received via federation. Together with the tightened content-security-policy from 0.18.2, cross-site scripting attacks are now much more difficult.
The
&symbol is however incorrectly parsed by the sanitizer, which will eventually be patched by the devs.
