Last modified: 2009-07-05 11:58:00 UTC
See the URL above. For testing purposes I created the account »Amalthea'"&lt« and found that browsers "fixed" the broken html entity "&lt" and displayed a "<" instead - see the URL above. Apparently the ampersand isn't escaped correctly on the contributions page, Special:RecentPages didn't have that problem. Fun could probably be had with some of the more disruptive entities. I don't know if there's a HTML entity for the U+202E RIGHT-TO-LEFT OVERRIDE, but if so, then ‮ this could be abused for some comedic effect.
Hmm, I thought HTML entities would be passed through here like in MediaWiki, but apparently not. Read the above as: account name » Amalthea'"< «, browsers display "<" as "<", and the comedic effect in the last paragraph fell flat.
Fixed in r52521.