14

I have read I should encode my ampersands as & in HTML.
However numerous code samples from respected companies somehow forget to do this.

Just a few examples off the top of my head:

Google Web Fonts sample code:

<link href='http://fonts.googleapis.com/css?family=PT+Sans&subset=latin,cyrillic' rel='stylesheet' type='text/css'>

Google Maps documentation:

<script type="text/javascript" src="http://maps.googleapis.com/maps/api/js?sensor=false&language=ja">

Twitter Anywhere official tutorial:

<script src="http://platform.twitter.com/anywhere.js?id=YOUR_API_KEY&v=1" type="text/javascript"></script>

Is there any real benefit from not escaping ampersand in links?
Is this related to browser quirks? Is this just a mistake in documentation?

Dear answerers, please make sure you're answering the right question.

I know I should escape ampersands per spec. I also know why the mechanism was invented in the first place. I'm not asking about this. My question is:

Is there a reason API documentation by respectable companies often violates this rule?

Community
  • 1
  • 1
Dan Abramov
  • 264,556
  • 84
  • 409
  • 511
  • Answerers, please note that they are not doing this because it's correct. Failing to encode the ampersands actually violates the [HTML 4.1 specification, section 5.3.2: Character entity references](http://www.w3.org/TR/html401/charset.html#h-5.3.2): *Authors should use "&" (ASCII decimal 38) instead of "&" to avoid confusion with the beginning of a character reference (entity reference open delimiter). **Authors should also use "&" in attribute values since character references are allowed within CDATA attribute values.*** – Jeremy Jan 16 '12 at 01:40
  • 1
    Dan, I realize you already linked to a question about that in your post, but the current answerers seem to have missed it. – Jeremy Jan 16 '12 at 01:52

2 Answers2

5

Two different contexts here.

  1. Within the context of a javascript href, the & is just fine and should not be encoded.
  2. In an HTML link the & is forbidden and should be escaped.

In the HTML link context an HTML character entity will be decoded before the address is passed to the HTTP process; a URL-encoded character will not, as the server can read it directly.

Pandaski
  • 140
  • 10
4

Is there any real benefit from not escaping ampersand in links?

It saves a few keystrokes.

Is this related to browser quirks?

No

Is this just a mistake in documentation?

Yes

Is there a reason API documentation by respectable companies often violates this rule?

Ignorance and/or laziness. Browsers perform error recovery so they either don't notice the errors or they don't care. The documentation probably isn't written by their best experts.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335