bWAPP Injection Question

Hi, I am tryign my hand at the OWASP bWAPP. I have been trying to find a solution for the HTML Injection - Reflected (GET) on High security for some hours now. I’ve seen several people claim that it’s secure and impossible to bypass, and one blog that gave a hint and said it was possible. From what I found, it uses htmlspecialchars in order to remove the following characters"<>&’. With the hint from the blog, I found that you could add any number of spaces at the start of your name and they wouldn’t appear in the returned value, but I have no idea what to do with this information. The spaces are replaced with ‘+’ in the url.

Could anyone point me in the right direction?