1

By the HTML specification, an ampersand should be encoded as

&

But of course a lot on the web doesn't do that. Here's an example of an ad widget from Amazon.com:

<iframe
    src="http://rcm.amazon.com/e/cm?t=xyzxyz-20&o=1&p=11&l=ur1&category=textbooks&banner=17P1AE8RQ1T7ZFC62V82&f=ifr"
    width="120"
    height="600"
    scrolling="no"
    border="0"
    marginwidth="0"
    style="border:none;"
    frameborder="0">
</iframe>

Note that the ampersand is not encoded.

For those work a lot with commercial sites, work in a company, or work with many widget codes, do most of these sites actually encode the ampersand?

(In other words, what percentage of top 1k sites try to encode ampersand properly when it is in the URL?)

Stress: this is not about whether it should or should not be encoded. I just want to ask those who work in companies: if you have seen a lot CGI based URL that has an ampersand in it, and this URL is inside an HTML page, in your experience, are they encoded?

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Xah Lee
  • 16,755
  • 9
  • 37
  • 43
  • possible duplicate of [XHTML and & (Ampersand) encoding](http://stackoverflow.com/questions/275150/xhtml-and-ampersand-encoding) – Phrogz Jan 22 '11 at 14:35
  • @Phrogz: Not a duplicate, XHTML and HTML have very different requirements. (Not, granted, in this particular case, but people who don't care about XHTML aren't going to pay much attention to the other question.) – T.J. Crowder Jan 22 '11 at 14:48
  • I did little research. Went to google and bing. Search for some product, click on the shopping search. Then look at their html source code. as far as i see, bing sticks with &, but google not always but mostly. – Xah Lee Jan 22 '11 at 17:00

2 Answers2

3

It should always be encoded - either as &amp; or as &#38;

However, a browser's parser is very forgiving :-)

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Kamil Tomšík
  • 2,415
  • 2
  • 28
  • 32
2

My personal experience:

The most common usage is using no practice at all; just put it in the code and see if it works in the browser that they happen to have installed.

More seasoned developers will at least check it in several dfferent browsers.

Those who care enough about robustness will validate the code and encode the characters correctly (which means encoding characters inside URLs also).

Guffa
  • 687,336
  • 108
  • 737
  • 1,005