Can I use unencoded ampersands (&) in html? [duplicate]

StackOverflow https://stackoverflow.com/questions/11221565

  •  17-06-2021
  •  | 
  •  

Question

I'm building a website where I have to work with less then perfect masterdata (I guess I'm not the only one :-))

In my case I have to render an xml filte to html (using xsl). Sometimes the masterdata is using html-enitites allready (eg ;é in french words) so there I have to use 'disable-output-escaping='yes') there in order to avoid double encoding.

The easiest solution is disable output escaping all together, so I never run the risk of a double encoding.

The only characters that misses encoding for this masterdata are the ampersands. But when I parse them 'raw' (so rather & than & all browsers seem to be ok with it.

So the question : what are the consequenses of using not encoded ampersands in html?

Was it helpful?

Solution

AFAIK bare ampersands are illegal in HTML. With that out of the way, let's look at the consequences:

  • You are now relying on the browser's capabilities to detect and gracefully recover from the problem. Note that in order to do this, the browser has to guess: is "clearly" an ampersand followed by a space, and © is clearly the copyright symbol. But what about the text fragment edit&copy? The browser I 'm using right now mangles it.
  • If you are using XHTML, or if the content is ever going to be inserted into an XML document, the result will be a hard parser error.

Since it's more difficult to detect and account for these cases manually than it is to replace all ampersands that are not part of entities (say with a regex), you should really do the latter.

OTHER TIPS

It depends

The best research I have seen on this topic can be found here

In HTML5 you should escape all of the ampersands that do not fall in the categories below:

An ambiguous ampersand is a U+0026 AMPERSAND character (&) that is followed by one or more characters in the range U+0030 DIGIT ZERO (0) to U+0039 DIGIT NINE (9), U+0061 LATIN SMALL LETTER A to U+007A LATIN SMALL LETTER Z, and U+0041 LATIN CAPITAL LETTER A to U+005A LATIN CAPITAL LETTER Z, followed by a U+003B SEMICOLON character (;), where these characters do not match any of the names given in the named character references section.

See Do I really need to encode '&' as '&'?

To summarize: Yes you can, but strictly speaking it is not legal (except in HTML5 where it is legal as long as it doesn't "look like" a character entity).

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top