| ▲ | Sardtok 2 days ago | |||||||
& as an escape character only applies to text nodes. Of course, if you want to display the URL on a page, you have to escape it, but not in the href. | ||||||||
| ▲ | _micheee 2 days ago | parent | next [-] | |||||||
I just found out you may - even in current HTML use entity references in attribute values, it’s just you don’t have to anymore, when the ampersand is not ambiguous. The spec states it as: “Attribute values are a mixture of text and character references, except with the additional restriction that the text cannot contain an ambiguous ampersand.” Whereas in the the days before HTML5 this has been mandatory. > HTML 4.01 Specification – Appendix B.2.2 “Ampersands in URI attribute values” https://www.w3.org/TR/html401/appendix/notes.html#h-B.2.2 > Unfortunately, the use of the “&” character to separate form fields interacts with its use in SGML attribute values to delimit character entity references. | ||||||||
| ||||||||
| ▲ | ShinyLeftPad 2 days ago | parent | prev | next [-] | |||||||
You're supposed to escape & anywhere in HTML, not just in text nodes. If you don't (and many don't) it'll probably work, but browser first tries to interpret it as a start of an entity anyway. Even if it is inside a href etc. | ||||||||
| ▲ | bawolff 2 days ago | parent | prev [-] | |||||||
That is incorrect. Entities apply to attributes. In HTML escaping & is kind of optional and the browser just tries to figure out what you mean, but if you are doing things properly you should use & in href attributes. | ||||||||