What are the best practices for using ENT_COMPAT or ENT_QUOTE instead of ENT_NOQUOTES in htmlspecialchars() for improved XSS protection in PHP?

When using htmlspecialchars() in PHP to prevent XSS attacks, it is recommended to use ENT_COMPAT or ENT_QUOTES instead of ENT_NOQUOTES for improved pr...