SitePoint Sponsor

User Tag List

Results 1 to 11 of 11

Hybrid View

  1. #1
    SitePoint Evangelist winterheat's Avatar
    Join Date
    Aug 2007
    Posts
    508
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    will <a href="foo.php?a=1&amp;b=2"> choke any modern web browser?

    it looks like we really need to use

    <a href="foo.php?a=1&amp;b=2">click me</a>

    that is, the "&amp;" instead of "&"

    using "&" works in most cases except that some Facebook package will not take it as valid XHTML... so I am forced to use "&amp;"

    however, I am worried that using "&amp;" may choke some browsers like IE 6 or even IE 5.5? Or does any one know that it is well supported by most browsers? Thanks.

  2. #2
    Guru in training bronze trophy SoulScratch's Avatar
    Join Date
    Apr 2006
    Location
    Maryland
    Posts
    1,838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Is something preventing you from testing in IE to see if that link works? Are you on Linux?

    It's perfectly fine. View source of this forum page and search for '&amp;'

    editpost.php?do=editpost&amp;p=4124559
    Cross browser css bugs

    Dan Schulz you will be missed

  3. #3
    SitePoint Evangelist winterheat's Avatar
    Join Date
    Aug 2007
    Posts
    508
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I don't have IE 5.5 Win or Mac... have IE 6 on a virtual PC... but testing it consume a lot of resource on the machine... and need to test Safari, Opera 8, etc... so wonder if someone knows a good rule for using "&amp;" vs "&" inside of a href=" ". Thanks.

  4. #4
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,868
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    &amp; is the correct way of entering an ampersand in HTML and so should work even in early browsers and certainly more modern browsers such as Netscape 3 and all browsers released since then should have no trouble with it. Browsers would only choke on it if you tried to enter it in the address bar.

    Entering it as & in the HTML would be invalid and may cause some browsers to not process it correctly.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  5. #5
    SitePoint Addict aguroyz's Avatar
    Join Date
    Jan 2009
    Location
    Konoha Fire Country
    Posts
    311
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Wow, I never thought of that....

    Is it a bad practice using " " in your html instead of &quot; then???
    Uniquely FILIPINO... See how talented and creative Filipinos are.
    http://www.smalltym.com
    Custom Web Designs:
    http://proweaver.com

  6. #6
    SitePoint Evangelist winterheat's Avatar
    Join Date
    Aug 2007
    Posts
    508
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    so i heard the rule is, for attributes' values, html escape them... so such as & " < > '

    not sure about content text except for < and >.

  7. #7
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,868
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Everywhere you use < or & in your HTML that isn't the start of a tag or entity MUST use the entity code instead (&lt; and &amp; respectively).

    It is accepted practice to also use the &gt; entity code where ever you want a > to appear although it is only essential that you do so if it is within a tag where it could terminate the tag early.

    A " needs to use the &quote; entity code if it is within the value of an attribute so that it doesn't terminate the value early. For some reason it isn't considered as important to always use the entity code the way it is for >.

    While the ' can be specified as &apos; in XHTML that entity code is not defined in HTML so you would use &#39; (which is the numeric entity code) instead should you decide that you have a situation where it is necessary.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  8. #8
    SitePoint Author silver trophybronze trophy

    Join Date
    Nov 2004
    Location
    Ankh-Morpork
    Posts
    12,158
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've never heard of a browser that doesn't support &amp;. It's the only correct way.

    Ampersands and '<' characters must be escaped (as &amp; and &lt;) everywhere, except inside style and script elements. (In XHTML they must be escaped there, too, which means you mustn't use those characters in style or script elements if you're using pretend-XHTML served as text/html).

    Quotation marks need to be escaped as &quot; only inside an attribute value that is enclosed in the same quotation marks, e.g., title="My &quot;new&quot; car". It's often easier to use apostrophes instead (title='My "new" car'), but if you need both, one of them must be escaped (title="Jane's &quot;new&quot; car" or title='Jane&#38;#39;s "new" car'). In real XHTML (but not pretend-XHTML) you can also use title='Jane&apos;s "new" car'.
    Birnam wood is come to Dunsinane

  9. #9
    SitePoint Wizard
    Join Date
    Apr 2002
    Posts
    2,322
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    do urls use html encoding though? urls use a different (or at least another) kind of encoding: a % then the hexadecimal value. e.g. for a space: %20

  10. #10
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,868
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by johnyboy View Post
    do urls use html encoding though? urls use a different (or at least another) kind of encoding: a % then the hexadecimal value. e.g. for a space: %20
    That encoding serves a different purpose - to allow characters that have a special meaning in a URL to be included in the content of the URL as their normal rather than special meaning.

    Where you put a URL into the address bar of your browser that encoding of %20 for space etc must be used but the HTML encoding is not required.

    Where you put a URL inside HTML then both types of encoding are required. For example:

    <a href="nextpage.htm?a=b%20c&amp;d=e%3ff">
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  11. #11
    SitePoint Author silver trophybronze trophy

    Join Date
    Nov 2004
    Location
    Ankh-Morpork
    Posts
    12,158
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes, URIs should be URL-encoded. But if the URI needs to contain a literal character that has special meaning in HTML, that character must be escaped with an entity reference or a numeric character reference.

    The most common example is the ampersand that is ubiquitous as a parameter separator. It needs to be a literal ampersand in the URI (so we can't encode it as &#37;26, because it will lose its function). But it needs to be protected from the HTML (or XML) parser so that it isn't taken as the start of an entity reference. Therefore a URI in an HTML document may need to use both escape methods, e.g.,
    Code HTML4Strict:
    <a href="/my%20script.php?x=1&amp;y=2">

    Edit:

    Darn it, Stephen, you posted while I was typing!
    Birnam wood is come to Dunsinane


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •