Thought I'd post this, as it got me the other day. Something in a recent security update for IE6.x has caused problems with the target attribute (for anchors definitely, possibly for frames too). Here's an example of a target attribute we were using:
This worked fine for years, but broke about two weeks ago in IE (still works fine in Firefox). We discovered anything other than alphanumeric characters in the target attribute now causes a problem in IE - it will ignore any JS in an onClick attribute if there are special characters in the target.Code:<a href="foo.asp" target="2006-w302893_test_stackbar_default">
I checked the standards and frametarget in the DTD for HTML is of CDATA type, which I believe means it should take any string, right?
Also, I know from the W3C guidelines that our target should start with an alphabetical character [(a-zA-Z)] and doesn't, but this doesn't appear to be IE's gripe, as if you change the target name to just "2006" it works fine.
We only need a unique string, so we got around this by URL encoding our target string and removing all the % symbols, like so:
We then added an 'a' to the start of all targets, just to 100% certain they all start with an alphabetical character, as per the standards:Code:target="20062Dw3028935Ftest5Fstackbar5Fdefault"
And there you go - one legal, standards compliant and IE compatible unique target attribute.Code:target="a20062Dw3028935Ftest5Fstackbar5Fdefault"
Note, if you have hyphens, underscores or anything else "strange" in your target attributes on your website, you're setting yourself up for a future IE headache. Be warned!