Another day, another flawed library. Found out the HTML sanitizer I use needlessly escapes too much, including emojis and @ signs. Had to implement an HTML writer (thankfully there's an interface exposed for that) that doesn't do any of this. Literally the only characters it touches are <, > and " (in attribute values), those do legitimately need escaping.