Hello!

I'm using TinyMCE and would like to prevent cross-scripting attacks. Using HTML Purifier, I've been attempting, unsuccessfully to figure out "encoding". For example, if the HTML in my TinyMCE is:

<p>x&gt;4 and x&ge;2</p>

after I send it to my database it looks like

<p>x&gt;4 and x≥2</p>.

The weird thing is that when I then call the entry from my data base it looks correct on the screen. I would really like to my database and the webpage to match up!

The good news is that I know that this has SOMETHING to do with encoding. However, I fear that after spending a few days reading up on encoding, I feel more confused than ever. If someone is familiar with HTML Purifier and could offer me some assistance I'd appreciate it.

Thanks so much,

Eric