Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m writing code that automatically generates HTML, and I want it to encode things properly.
Say I’m generating a link to the following URL:
http://www.google.com/search?rls=en&q=stack+overflow
I’m assuming that all attribute values should be HTML-encoded. (Please correct me if I’m wrong.) So that means if I’m putting the above URL into an anchor tag, I should encode the ampersand as &, like this:
<a href="http://www.google.com/search?rls=en&q=stack+overflow">
Is that correct?
Yes, it is. HTML entities are parsed inside HTML attributes, and a stray
&would create an ambiguity. That’s why you should always write&instead of just&inside all HTML attributes.That said, only
&and quotes need to be encoded. If you have special characters likeéin your attribute, you don’t need to encode those to satisfy the HTML parser.It used to be the case that URLs needed special treatment with non-ASCII characters, like
é. You had to encode those using percent-escapes, and in this case it would give%C3%A9, because they were defined by RFC 1738. However, RFC 1738 has been superseded by RFC 3986 (URIs, Uniform Resource Identifiers) and RFC 3987 (IRIs, Internationalized Resource Identifiers), on which the WhatWG based its work to define how browsers should behave when they see an URL with non-ASCII characters in it since HTML5. It’s therefore now safe to include non-ASCII characters in URLs, percent-encoded or not.