
html special characters in passwords are not unescaped

Open rdm opened this issue 4 years ago • 1 comments

Expected Behavior

Angle bracket ('>') entered in password should be sent to database as an angle bracket

Current Behavior

Angle bracket entered in password is sent to database as html escape sequence ('&gt;')

Possible Solution

Use html_entity_decode() on password (and perhaps on other fields) before writing them to .env (or however that translates into the frameworks being used).

If there's no documentation on how to make this happen, warn the user of this issue.

rdm Aug 06 '19 22:08

(I had to update my comment so that it would display properly - if you happened to look at this issue before now, you would have seen the issue reporting an apparently false issue because of how GitHub issues handle HTML escape sequences.)

rdm Aug 07 '19 15:08
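
The decode step suggested in the issue, as an added PHP example that is not part of the original issue or Polr's own code. The helper names and sample passwords are constructed, and it assumes the setup form escapes input the way `htmlspecialchars()` does; it also shows why the decode must run exactly once.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not Polr's code.

/** Undo HTML escaping exactly once. ENT_QUOTES matters: before PHP 8.1 the
 *  default flags left single quotes (&#039;) encoded. */
function decode_setup_value(string $value): string
{
    return html_entity_decode($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** True when decoding would change the value, i.e. it may have been escaped. */
function looks_html_escaped(string $value): bool
{
    return decode_setup_value($value) !== $value;
}

// Constructed sample passwords, not real credentials.
$samples = ["pa>ss", "it's<\"ok\">", "literal&gt;text", "plain123"];

foreach ($samples as $typed) {
    // Assumption: the setup form escapes input the way htmlspecialchars() does.
    $stored  = htmlspecialchars($typed, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $decoded = decode_setup_value($stored);   // the single decode the issue asks for
    $twice   = decode_setup_value($decoded);  // a second decode corrupts literal entities

    printf(
        "%-16s stored=%-32s warn=%-3s once_ok=%-3s twice_ok=%s\n",
        $typed,
        $stored,
        looks_html_escaped($stored) ? 'yes' : 'no',
        $decoded === $typed ? 'yes' : 'no',
        $twice === $typed ? 'yes' : 'no'
    );
}
```

`looks_html_escaped()` also returns true for a password that legitimately contains text such as `&gt;`, so it suits the warning the issue proposes rather than a silent rewrite of stored values.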