Welcome to WebmasterWorld Guest from 54.161.135.168

Forum Moderators: incrediBILL

'&' or '&' in URLs?

html vs javascript

   
1:33 am on Oct 15, 2004 (gmt 0)

10+ Year Member



Hi,

W3C warns against variable names in URLs that could be interpreted as html entities, like:

<A HREF="script.php?var=my_var&amp=my_amp">

as &amp might be replaced by forgiving browsers (those that do not require html entities to end with ;) with & resulting in the URL looking like:

script.php?var=my_var&=my_amp

So it is recommended to write such an anchor this way:

<A HREF="script.php?var=my_var&amp;amp=my_amp">

Having said that, what about the following:

<A HREF="javascript:window.open('script.php?var=my_var&amp=my_amp', '', 'width=500,height=250')">

I would assume that as soon as browsers see javascript: in the HREF attribute, the javascript interpreter would take over and just '&' is ok. I tried both '&' and '&amp;' and both work equally well (in IE at least).

So well it's cool it works, but I'd like to understand what's actually going on and who's at the controls, html or javascript?

Any experience with that?

Thanks!

Cheers,
Cook

2:40 am on Oct 15, 2004 (gmt 0)

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I would think HTML is in control, therefore &amp; is required.

To convince yourself, try something like this

href="javascript:alert('&amp; hello');"

I'm pretty sure it will display '& hello';

Kaled.

2:47 am on Oct 15, 2004 (gmt 0)

10+ Year Member



Hi kaled,

Thanks for this, you're right that's what is displayed. So one can assume that html is in control for parsing text in tag attributes, eventhough it actually is some javascript.

How about text between <script></script> tags? Oh, is it why javascript statements are enclosed with <!-- and --> as in:

<script ...>
<!--
javascript code
-->
</script>

Cheers,
Cook

2:53 am on Oct 15, 2004 (gmt 0)

10+ Year Member



I answer my own question:

<html>
<head><script>
function test()
{
alert('&amp; hello');
}
</script></head>
<body>
<a href="javascript:alert('&amp; hello')">test me</a>
<a href="javascript:test()">no, test me</a>
</body>
</html>

The first link display '& hello', the second, '&amp; hello'. So html stays out of what's within <script></script>.

Cheers,
Cook

11:00 am on Oct 15, 2004 (gmt 0)

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member



One thing to be aware of

If javascript is embedded in an html file the character string combination '</' may be treated as '</SCRIPT>' wherever it occurs. Therefore this should be written as '<\/'

Kaled.

11:54 am on Oct 15, 2004 (gmt 0)

WebmasterWorld Senior Member fathom is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



<A HREF="script.php?var=my_var&amp=my_amp">

don't forget that &#061; is = in unicode as well.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month