Yep exactly. So when a user submits, for example, a literal ampersand (&) it will actually save that content as the phrase & and then display it as an ampersand just like normal. It does this because if it instead saved and tried to display the literal ampersand you could technically inject code directly into the page instead of displaying it. If you right-click view source on a website you will see what is meant by the content being injected into the page rather than displaying it.

It does this for a number of “special” characters that people use to code the page but they also have the dual purpose of sometimes needing to be displayed so there is a way to “escape” out of the code format.

The problem is that some “containers” don’t follow the process of taking & and converting it to a & for display and instead literally display the text &. One example of this where it’s correct is the same code block you just used! An incorrect example is in Boost when it displays the post title.

Hopefully that completely explains why it’s happening even though it is technically a bug.