Is there any danger if the Rails html_escape function would stop escaping ‘&’? I tested a few cases and it doesn’t seem to create any problems. Can you give me a contrary example? Thanks.
If you put an unescaped “&” into an HTML attribute, it would make your page invalid. For example:
The page is now invalid as the & indicates an entity. This is true for any usage of an & on a page (for example, view source and hopefully you’ll notice that Stack Overflow escapes the & signs in this post!)
The following would make the above example valid:
Additional Note
& characters do need to be escaped in URLs if you want to validate your markup against the W3C validator. Example:
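A contrary example of the kind the question asks for, added here and not part of the original question or answer: an escaper that skips "&" lets any text that already looks like a character reference be decoded by the browser, so the user no longer sees what was typed. `escape_without_amp` is a hypothetical stand-in for the modified function, `CGI.unescapeHTML` stands in for the browser's entity decoding, and the sample strings are constructed.

```ruby
require "erb"
require "cgi"

# Hypothetical escaper matching the question: escapes everything except "&".
NO_AMP_MAP = { "<" => "&lt;", ">" => "&gt;", '"' => "&quot;", "'" => "&#39;" }.freeze

def escape_without_amp(text)
  text.gsub(/[<>"']/, NO_AMP_MAP)
end

# Stand-in for the browser: decode character references found in the markup.
def rendered_text(markup)
  CGI.unescapeHTML(markup)
end

# Escaping is correct only if the reader sees exactly what was typed.
def round_trips?(text, escaper)
  rendered_text(escaper.call(text)) == text
end

NO_AMP = ->(s) { escape_without_amp(s) }
FULL   = ->(s) { ERB::Util.html_escape(s) } # escapes & < > " '

# Constructed inputs. The first is the kind of case that "seems fine" in
# quick testing, because "& " does not start a character reference.
SAMPLES = [
  "Tom & Jerry",
  "Write &lt; to show <",     # user literally typed "&lt;"
  "code point &#60; is <",    # numeric reference typed as text
  "/search?q=1&amp;page=2"    # user quoting escaped markup
].freeze

# Inputs whose displayed text differs from what the user entered.
def corrupted_samples(escaper)
  SAMPLES.reject { |s| round_trips?(s, escaper) }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |s|
    puts "typed:    #{s}"
    puts "  no-amp: #{rendered_text(NO_AMP.call(s))}"
    puts "  full:   #{rendered_text(FULL.call(s))}"
  end
end
```
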