26 September 2004

Unescaped Ampersand is not Allowed Within XML Attributes!

Posted at 12:35

One of the most overlooked things in web design is this: “An unescaped ampersand (&) is not allowed within XML attributes.” It was allowed in HTML, but it is not allowed in XHTML, because an XHTML document is an XML document. This mistake occurs most often when referencing a URL that contains an ampersand.

This is wrong because the ampersand is not escaped as an XML entity:

<a href="/foo?name1=value1&name2=value2">bar</a>

This is the correct version of the above:

<a href="/foo?name1=value1&amp;name2=value2">bar</a>

Sometimes the script API used on the server allows characters other than the ampersand to separate multiple variables in the query string. For example, Perl’s CGI.pm and PHP by default also treat the semicolon (;) as a variable separator. So the example above can be written as:

<a href="/foo?name1=value1;name2=value2">bar</a>

It is more convenient to use semicolons, but remember that we can’t rely on this if we don’t control the server-side script itself.
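The three links above, checked with a real XML parser (an added example in Python, not part of the original post; the helper names `is_well_formed`, `link` and `href_params` are made up for illustration). It also shows a server-side parser that does not split on semicolons: current Python versions of `urllib.parse.parse_qs` separate only on `&` by default.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit, parse_qs
from xml.sax.saxutils import escape, quoteattr

# The three anchors from the post, copied verbatim.
BAD = '<a href="/foo?name1=value1&name2=value2">bar</a>'
GOOD = '<a href="/foo?name1=value1&amp;name2=value2">bar</a>'
SEMI = '<a href="/foo?name1=value1;name2=value2">bar</a>'


def is_well_formed(fragment):
    """True if an XML parser accepts the fragment, False if it rejects it."""
    try:
        ET.fromstring(fragment)
        return True
    except ET.ParseError:
        return False


def link(path, params, text):
    """Build an anchor: URL-encode the query first, then XML-escape the
    whole URL for the attribute (two separate escaping layers)."""
    url = path + "?" + urlencode(params)
    # quoteattr adds the surrounding quotes and turns & into &amp;
    return "<a href=%s>%s</a>" % (quoteattr(url), escape(text))


def href_params(fragment):
    """Return (href as the parser decodes it, query parsed the way this
    particular server-side library would parse it)."""
    href = ET.fromstring(fragment).get("href")
    return href, parse_qs(urlsplit(href).query)


if __name__ == "__main__":
    for name, frag in (("BAD", BAD), ("GOOD", GOOD), ("SEMI", SEMI)):
        print(name, "well-formed:", is_well_formed(frag))
    print(link("/foo", [("name1", "value1"), ("name2", "value2")], "bar"))
    # &amp; is decoded back to & by the parser, so the server sees two fields.
    print(href_params(GOOD))
    # The semicolon form is valid XML, but this parser sees a single field.
    print(href_params(SEMI))
```

The semicolon link is well-formed XML, yet a parser that only splits on `&` receives one variable whose value is `value1;name2=value2`, which is the reason the separator cannot be relied on without control of the server side.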
