Unescaped Ampersand is not Allowed Within XML Attributes!

One of the most overlooked thing in web design is: *”It is not allowed to put unquoted ampersand (&) within XML attributes.”*. It was allowed in HTML, but not in XHTML because XHTML is an XML document. This mistake most often occurred when referencing an URL with ampersand in it.

This is wrong because ampersand is not XML entity quoted:


This is the correct version of the above:


Sometimes, the script API used in the server allows characters other than ampersand to separate multiple variables in query string. For example, Perl’s CGI.pm and PHP by default also treat semicolon (;) as variable separator. So, the example above can be written as:


It is more convenient to use semicolons but please remember we can’t rely on this if we don’t control the server side script itself.

1 comment

Leave a Reply to DiN Cancel reply

Your email address will not be published. Required fields are marked *