Remix.run Logo
_micheee 2 days ago

Seems Like the recommendation changed from supporting ; and & to only using &.

Thinking about it, it is a little surprising as, if I remember correctly, in HTML source you should encode & as & right?

Sardtok 2 days ago | parent [-]

& as an escape character only applies to text nodes. Of course, if you want to display the URL on a page, you have to escape it, but not in the href.

_micheee 2 days ago | parent | next [-]

I just found out you may - even in current HTML use entity references in attribute values, it’s just you don’t have to anymore, when the ampersand is not ambiguous.

The spec states it as: “Attribute values are a mixture of text and character references, except with the additional restriction that the text cannot contain an ambiguous ampersand.”

Whereas in the the days before HTML5 this has been mandatory.

> HTML 4.01 Specification – Appendix B.2.2 “Ampersands in URI attribute values”

https://www.w3.org/TR/html401/appendix/notes.html#h-B.2.2

> Unfortunately, the use of the “&” character to separate form fields interacts with its use in SGML attribute values to delimit character entity references.

someonebaggy 2 days ago | parent [-]

That's the same as main body text isn't it? And you have to be able to use them so you can escape " just like you have to escape < in main text.

HTML5 standardized how to interpret formerly invalid documents because it was more important to be consistent than to be correct.

ShinyLeftPad 2 days ago | parent | prev | next [-]

You're supposed to escape & anywhere in HTML, not just in text nodes. If you don't (and many don't) it'll probably work, but browser first tries to interpret it as a start of an entity anyway. Even if it is inside a href etc.

bawolff 2 days ago | parent | prev [-]

That is incorrect. Entities apply to attributes.

In HTML escaping & is kind of optional and the browser just tries to figure out what you mean, but if you are doing things properly you should use &amp; in href attributes.