bpieuropeplc.co.uk

HTML entity escaping loop destroys a GlobalSign verification token

$ dig TXT bpieuropeplc.co.uk

;; QUESTION SECTION:

;bpieuropeplc.co.uk. IN TXT

;; ANSWER SECTION:

bpieuropeplc.co.uk. 3600 IN TXT "_globalsign-domain-verification=&amp;amp;amp;amp;amp;quot;GWm3N1X0U7guBum..."

What Happened

A broken CMS backend repeatedly re-encoded the GlobalSign token. The original token was quoted. The system escaped `"` to `"`, then escaped the `&` to `&` — six times over. The result `_globalsign-domain-verification=&amp;amp;amp;amp;amp;quot;GWm3N1...` is completely unrecognisable to GlobalSign's verification system.

Full TXT Record Value

_globalsign-domain-verification=&amp;amp;amp;amp;amp;quot;GWm3N1X0U7guBum...