Meta tags content is not correctly encoded/filtered

I marked #587094: HTML entities cannot be used in the meta tags content as duplicate of this report.

Very simple, contents are already escaped, then it gets double encoded with a call to check_plain()

Is that the only change that needs to be done to the code?

not quite...
http://php.net/html-entity-decode#93378

this patch works

+

The code has been changed, and committed in CVS.

Thanks for the report, and the patch.

Rather than using html_entity_decode(), the code should use decode_entities(); it should also strip any HTML tags, which should not be present on the output meta tags.

I changed the code as reported in the previous comment, and committed the code in CVS.

i'm using nodewords version 6x-1.11 and the problem still exist. when i key in description, for e.g., What's new, it show in the html source code as What's new

i tried with the patch but not working.

[Edited by kiamlaluno to show the encoded entities]

@xsean: That is perfectly normal. Entities are allowed in the meta tags content, and browsers should be prepared to handle them; this is what W3.org reports (to note that content is defined as CDATA).