In the various answers on SO, it is mentioned that you should escape ampersand, greater than and less than symbols. Even &ndash and &mdash should be escaped as far as I understood.
Source: Do I really need to encode '&' as '&amp;'?, check out the answers in there!
Can anyone show me how exactly security can be breached or cookie stealing can happen if I do not escape the symbols I have mentioned? It does not make sense to me that people can hack the websites because of this.
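
An added example, not part of the original post: a JavaScript sketch of what escaping the characters named above changes when a user-supplied value is placed into a page. The helper names (`escapeText`, `escapeAttr`, `renderComment`, `renderTitle`) and the sample strings are constructed for illustration, and the regex checks are only a rough stand-in for a browser's HTML parser.

```javascript
// Escape maps: text content needs & < >; quoted attribute values also need quotes.
const TEXT_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;' };
const ATTR_MAP = { ...TEXT_MAP, '"': '&quot;', "'": '&#39;' };

function escapeText(s) {
  return String(s).replace(/[&<>]/g, c => TEXT_MAP[c]);
}

function escapeAttr(s) {
  return String(s).replace(/[&<>"']/g, c => ATTR_MAP[c]);
}

// Place a value into element content, with or without escaping.
function renderComment(value, escape) {
  return `<p class="comment">${escape ? escapeText(value) : value}</p>`;
}

// Place a value into a double-quoted attribute, with or without escaping.
function renderTitle(value, escape) {
  return `<span title="${escape ? escapeAttr(value) : value}">item</span>`;
}

// Approximation of a parser: count start tags in the markup.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Approximation of a parser: where does the title attribute end?
function titleOf(html) {
  const m = html.match(/title="([^"]*)"/);
  return m ? m[1] : null;
}

// Constructed sample inputs standing in for user-supplied data.
const comment = 'Tom & Jerry <b>fans</b> say 1 < 2';
const title = '5" wide';

// Unescaped: the value contributes its own element, so data became markup.
console.log(countStartTags(renderComment(comment, false))); // <p> and <b>
// Escaped: only the template's own <p> remains; the value is plain text.
console.log(countStartTags(renderComment(comment, true)));
// Unescaped: the quote ends the attribute early, the rest leaks into the tag.
console.log(titleOf(renderTitle(title, false)));
// Escaped: the whole value stays inside the attribute.
console.log(titleOf(renderTitle(title, true)));
```

The unescaped cases are where the page's structure is decided by the data rather than by the template, which is the condition the escaping rules exist to prevent.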