Is it necessary to html encode right angle brackets?

Question

I'm adding some meta description data to my header like so:

HtmlMeta meta = new HtmlMeta();
meta.Name = "description";
meta.Content = description; // this is unencoded
page.Header.Controls.Add(meta);

And .net helpfully encodes things like & and <, but not >. Now, I can't imagine that this would be an oversight, so I conclude that it's unnecessary to escape them. But before I go back to the client with that answer, it would be nice to get confirmation by Some Strangers From The Intarwebs first :)

this is duplicate question, https://stackoverflow.com/questions/7381974/which-characters-need-to-be-escaped-in-html was first — no matter is it asp or whatever was used to generate the (H)TML spec is the same — revelt, Jan 07 '20 at 14:01

score 4 · Accepted Answer · answered Sep 12 '11 at 15:05

4

According to the XML specification > is indeed valid for attributes. Only <, & and " or ' need escaping.

[10]    AttValue    ::=    '"' ([^<&"] | Reference)* '"'
                         | "'" ([^<&'] | Reference)* "'"

answered Sep 12 '11 at 15:05

Diadistis

12,086
1
33
55

Interesting. It appears that .net is **not** escaping "'". – user568259 Sep 12 '11 at 15:10
.Net 4.0 test : `meta.Content = "&<>\"'";` -> `content="&<>"'"` – Diadistis Sep 12 '11 at 15:17
1

Hm. Maybe I'm confused, or what I think is an "'" is actually something else. At any rate, my first question was answered. Thank you, Knowledgeable Stranger from the Internet! – user568259 Sep 12 '11 at 15:25

Is it necessary to html encode right angle brackets?

1 Answers1

Linked