Encoding ampersands in Javascript?

Forum Moderators: open

Message Too Old, No Replies

Encoding ampersands in Javascript?

Does not seem to work on all browsers

Umbra

10:22 pm on Mar 18, 2005 (gmt 0)

Everyone advises that ampersands in URLs should be encoded, like so:

location.href='script.cgi?var=1&var=2';

This seems to work fine in IE6.0 and Opera, but NN7 and Firefox don't encode the & (it does not make a difference whether location.href is in single quotes or double quotes) Instead, the browser address line shows:

[example.com...]

On the other hand, this works fine in all browsers:

location.href='script.cgi?var=1&var=2';

Major websites (ie., view the page source on Google) still use the latter method.. even though it is not technically HTML 4.01 valid!

Bernard Marx

1:09 am on Mar 19, 2005 (gmt 0)

I think there is a suggestion that server-side processes should also be prepaed to accept a colon as well as an ampersand. Not sure how many have implemented this.

Rambo Tribble

2:40 am on Mar 19, 2005 (gmt 0)

I think what you want is %26, which is the URL-encoded hexadecimal escaped value for the ampersand; not &, which is the HTML named, character entity.

Parenthetically, it's easy to get URL-encoded values by just typing something like the following in your browser's location window:

javascript:alert(escape('&'));

Umbra

8:14 am on Mar 19, 2005 (gmt 0)

I read that %26 should only be used when you want to use an ampersand in the URL but not as a key delimiter in a query string.

For example, I noticed that when I search in Google for "encoding & ampersand", then the resulting URL in the browser address bar is something like:

[google.com...]

Ony the non-delimiting ampersand (and semi-colon) has been encoded. The page source for that Google search still shows that delimiting ampersands are NOT encoded.

kaled

10:45 am on Mar 19, 2005 (gmt 0)

There is confusion here.

Encoding of special character depends on context. For instance, & must be encoded in HTML but not javascript, however, \ must be escaped in javascript but not in HTML.

Character entitites should not be used in javascript to create urls. You may use %nn to encode characters, however, at no point are these decoded automatically. If data is passed to a static html page using ?param1=%20&param2=%2A you will need to decode the query part of the url using the javascript function unescape.

Kaled.

Rambo Tribble

2:05 pm on Mar 19, 2005 (gmt 0)

As Kaled points out, we have two different contexts here. Within the context of a JavaScript href, the & is just fine and should not be encoded. In an HTML link the & is forbidden and should be escaped. In the HTML link context an HTML character entity will be decoded before the address is passed to the HTTP process; a URL-encoded character will not, as the server can read it directly.

In other words, in your example, the & should be escaped as & only within an HTML link, but left as & within a JavaScript location.href call.

Umbra

5:22 pm on Mar 19, 2005 (gmt 0)

Thanks guys. I was given confused by this previous thread [webmasterworld.com] which did discuss ampersands in location.href, but that was for xhtml.