Ticket UUID: 8e5a24b49fcf5bc1c62f62b95c20a7c0458d6183
Title: Comments are not properly escaped when displayed through the Web UI
Status: Closed
Type: Code_Defect
Severity: Important
Priority:
Subsystem:
Resolution: Rejected
Last Modified: 2011-04-22 11:36:53
Version Found In: 2011-04-19 20:30:31 085b6a1bbb
Description & Comments:
View the manifest at http://www.fossil-scm.org/index.html/artifact/7fca007538fea65f

Notice the entity "&egrave;" towards the end of the comment.

Now view the checkin at http://www.fossil-scm.org/index.html/info/7fca007538

Notice how the "&egrave;" entity was not escaped and actually shows as a real grave accent (`) instead of displaying literally.

What happens if something like "&what-kind-of-entity-is-this;" or "&#2345234252342352342523423423425234;" should appear in a comment?

Might trigger a browser crash or security hole.

Comments should be displayed verbatim without any interpretation to prevent this potential problem.
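As an added illustration (not part of this ticket or of Fossil's code), the following Python shows how a WHATWG-compliant decoder (Python's html module) treats the three reference forms the report asks about, and how escaping before output makes a comment display verbatim. The sample comment is constructed for the example.

```python
import html
import re

# Constructed sample comment modelled on the three reference forms named in
# the ticket; it is not a real Fossil commit comment.
SAMPLE_COMMENT = (
    "Fixed the caf&egrave; test case. Also contains "
    "&what-kind-of-entity-is-this; and &#2345234252342352342523423423425234;"
)

# Matches named and numeric character references of the form &...;
_REFERENCE = re.compile(r"&(?:#[xX][0-9a-fA-F]+|#[0-9]+|[A-Za-z][A-Za-z0-9-]*);")


def render_as_markup(comment: str) -> str:
    """Interpret the comment as HTML, the way the ticket says Fossil does by
    design. Decoding follows the WHATWG rules implemented by html.unescape."""
    return html.unescape(comment)


def render_verbatim(comment: str) -> str:
    """Escape the comment so a browser shows every reference literally."""
    return html.escape(comment, quote=True)


def reference_report(comment: str) -> dict:
    """Map each character reference in the comment to what a compliant
    decoder turns it into: a known name decodes, an unknown name is left
    as written, and an out-of-range code point becomes U+FFFD."""
    return {ref: html.unescape(ref) for ref in _REFERENCE.findall(comment)}


if __name__ == "__main__":
    for ref, decoded in reference_report(SAMPLE_COMMENT).items():
        print(f"{ref!r:45} -> {decoded!r}")
    print("escaped:", render_verbatim(SAMPLE_COMMENT))
```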


drh added on 2011-04-22 11:36:53 UTC:
By design, commit comments are wiki text, which means HTML is allowed within commit comments and is displayed as such. This allows hyperlinks and rich formatting to be used within comments - a feature that we have made full use of over the past 3.75 years. It is not something we care to disable.

Thanks for the suggestion, though.