SitePoint Sponsor

User Tag List

Results 1 to 7 of 7

Hybrid View

  1. #1
    SitePoint Enthusiast
    Join Date
    Nov 2004
    Location
    Canberra, Australia
    Posts
    66
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    IE7 and ampersands in URLs

    Hi all,

    I may have stumbled across something of note regarding IE7 and the way it treats URLs with GET parameters (or this may have been known for some time). It seems that you must escape the ampersands as entities or the link may not work in IE7.

    I know that this is a good thing, as ampersands should be encoded as entities for standards compliance, but within URLs is one place I often forget to change my &'s to &'s. Perhaps most significant is that IE7 refuses to treat the ampersands the old way even with an HTML4 DOCTYPE or no DOCTYPE at all.

    Most parameters should work fine, in fact the only reason I stumbled across this issue was because some of my code has URLs like so:

    /script.php?reg_id=123&reg_name=Foo+Bar

    IE7 treats the &reg as an entity, converts it to a registered trademark symbol, and the URL ceases to function as intended. If I change the URL so that the ampersand is properly escaped as an entity, it works fine:

    /script.php?reg_id=123&reg_name=Foo+Bar

    However, the fact that it does not fall back to the old behaviour with an HTML4 DOCTYPE or no DOCTYPE disturbs me, as it would seem to imply that a lot of stuff could potentially break out there.

    Can anyone else test this and verify? Or is it just happening for me?

    Cheers,

    Colin.

  2. #2
    SitePoint Author silver trophybronze trophy

    Join Date
    Nov 2004
    Location
    Ankh-Morpork
    Posts
    12,159
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It's a special case. Your parameter name is 'reg_name', and when you put an ampersand before that you will get something that starts with '&reg' and a non-alphanumeric character. That will be interpreted as the character entitity for registered trademark (®, ).

    I haven't tried, but I'm convinced IE7 will still allow sloppy coding with unescaped ampersands in URIs, as long as the parameter name doesn't conflict with a named entity.

    This is why you should always escape ampersands, even in URIs.
    Birnam wood is come to Dunsinane

  3. #3
    In memoriam gold trophysilver trophybronze trophy Dan Schulz's Avatar
    Join Date
    May 2006
    Location
    Aurora, Illinois
    Posts
    15,495
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Tommy's right on this one. Always escape them. Even when you don't think you need to, do it anyway. It'll just save you a lot of headaches down the road.

  4. #4
    SitePoint Enthusiast
    Join Date
    Nov 2004
    Location
    Canberra, Australia
    Posts
    66
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I concur with you both! This has definitely been a wake-up call for me to ensure that my ampersands are escaped in URIs. I discovered that Firefox actually does the same thing if the parameter is, say, just 'reg' (i.e. "&reg=foo"), but it does not treat it as an entity with the trailing underscore (i.e. "&reg_name=foo"). In any case, this is a good example of why validating is a good idea. Thanks for the feedback guys.

  5. #5
    bronze trophy
    Join Date
    Dec 2004
    Location
    Sweden
    Posts
    2,670
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    As far as I can tell, IE7 and IE6 both treat "&reg_" as "_". So this is not a new issue with IE7.
    Simon Pieters

  6. #6
    SitePoint Enthusiast
    Join Date
    Nov 2004
    Location
    Canberra, Australia
    Posts
    66
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You may be right! It might just have been luck that I did not encounter the problem until now, somehow avoiding any other entity names in my GET parameters. I was quick to jump down IE7's throat, but in the end, better coding wins.

  7. #7
    In memoriam gold trophysilver trophybronze trophy Dan Schulz's Avatar
    Join Date
    May 2006
    Location
    Aurora, Illinois
    Posts
    15,495
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    In the end, better coding always wins .


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •