It looks like you're new here. If you want to get involved, click one of these buttons!
All of the following can be found in the vanilla core:
htmlspecialchars(..., C('Garden.Charset', 'UTF-8')) htmlspecialchars(..., 'ISO-8859-1'); // Smarty default htmlspecialchars(..., 'UTF-8') htmlspecialchars(...) // Defaults to 'ISO-8859-1' in PHP <= 5.3
From the PHP manual:
For the purposes of this function, the encodings ISO-8859-1 [and] UTF-8 [are] effectively equivalent, provided the string itself is valid for the encoding.
But what if C('Garden.Charset') is set to something more exotic? That is how you end up on http://seclists.org/ ...
Why even bother with C('Garden.Charset') then? Better make Vanilla UTF-8 only?