Well, historically everything was done using htmlspecialchars with ENT_QUOTES so if it's not doing that now, there's a reason - and very likely that reason is code we've changed rather than code that's buggy in SMF.
Also note that the DB here isn't a true SMF database but one from Noisen's code which did have a lot of changes, and possibly including some that affected htmlspecialchars.
I'm fine with switching to ENT_NOQUOTES for such, provided that we can be certain there's no XSS injection risk. (There shouldn't be an SQL injection risk because of the query layer doing its own quoting.) It will certainly save some space (including the extra byte per row that I wanted to spend making it mediumtext ;))
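The condition in the post above ("provided that we can be certain there's no XSS injection risk") depends on where the stored value is later printed. The following is an added example, not part of the post and not SMF code: it stores one constructed value under each flag, prints it into a quoted attribute, and counts the attributes a parser sees. The template fragment, function names and sample input are hypothetical.

```php
<?php
// Added example: not SMF code. All input below is constructed.

// Encode a value the way it would be stored under the given quote flag.
function encode_for_storage(string $raw, int $flags): string
{
    return htmlspecialchars($raw, $flags, 'UTF-8');
}

// Hypothetical template fragment: stored value placed in a quoted attribute.
function render_attribute(string $stored): string
{
    return '<input type="text" name="subject" value="' . $stored . '">';
}

// Number of attributes a parser sees on the <input>; the template defines 3.
function attribute_count(string $html): int
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    return $doc->getElementsByTagName('input')->item(0)->attributes->length;
}

$raw = 'x" data-extra="1'; // constructed sample containing double quotes

foreach (['ENT_QUOTES' => ENT_QUOTES, 'ENT_NOQUOTES' => ENT_NOQUOTES] as $name => $flags) {
    $stored = encode_for_storage($raw, $flags);
    printf(
        "%-12s bytes=%2d attrs=%d stored=%s\n",
        $name,
        strlen($stored),                          // storage cost of the encoding
        attribute_count(render_attribute($stored)), // more than 3 means the value escaped its attribute
        $stored
    );
}

// If storage moves to ENT_NOQUOTES, quotes must be escaped at output time in
// attribute contexts. double_encode=false leaves entities already in the
// stored text (&amp;, &lt;, &gt;) untouched.
$stored = encode_for_storage($raw, ENT_NOQUOTES);
$safe   = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8', false);
printf("%-12s bytes=%2d attrs=%d\n", 're-escaped', strlen($safe), attribute_count(render_attribute($safe)));
```

Text printed only as element content is unaffected by the flag, because `<`, `>` and `&` are encoded either way; the difference shows up only in attribute contexts.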