In the recent cakePHP 1.3.4 version I discovered that Sanitize::html returns double encoded html entities - because of the newly added fourth parameter of htmlentities 'double_encode'.
Here is a corresponding ticket on cakePHP: http://cakephp.lighthouseapp.com/projects/42648/tickets/1152-sanitizehtml-needs-double_encode-parameter-in-htmlentities
Since I need to use cakePHP 1.3.4 on PHP 5.2.14 I need to change the double_encode parameter. Is there a way to overload the Sanitize::html method in cake so I don't have to fiddle with the core?