What's the de facto practice on ampersand encoding in HTML?

Question

By the HTML specification, an ampersand should be encoded as

&amp;

But of course a lot on the web doesn't do that. Here's an example of an ad widget from Amazon.com:

<iframe
    src="http://rcm.amazon.com/e/cm?t=xyzxyz-20&o=1&p=11&l=ur1&category=textbooks&banner=17P1AE8RQ1T7ZFC62V82&f=ifr"
    width="120"
    height="600"
    scrolling="no"
    border="0"
    marginwidth="0"
    style="border:none;"
    frameborder="0">
</iframe>

Note that the ampersand is not encoded.

For those work a lot with commercial sites, work in a company, or work with many widget codes, do most of these sites actually encode the ampersand?

(In other words, what percentage of top 1k sites try to encode ampersand properly when it is in the URL?)

Stress: this is not about whether it should or should not be encoded. I just want to ask those who work in companies: if you have seen a lot CGI based URL that has an ampersand in it, and this URL is inside an HTML page, in your experience, are they encoded?

possible duplicate of [XHTML and & (Ampersand) encoding](http://stackoverflow.com/questions/275150/xhtml-and-ampersand-encoding) — Phrogz, Jan 22 '11 at 14:35
@Phrogz: Not a duplicate, XHTML and HTML have very different requirements. (Not, granted, in this particular case, but people who don't care about XHTML aren't going to pay much attention to the other question.) — T.J. Crowder, Jan 22 '11 at 14:48
I did little research. Went to google and bing. Search for some product, click on the shopping search. Then look at their html source code. as far as i see, bing sticks with &, but google not always but mostly. — Xah Lee, Jan 22 '11 at 17:00

score 3 · Answer 1 · edited Nov 10 '21 at 03:08

3

It should always be encoded - either as & or as &

However, a browser's parser is very forgiving :-)

edited Nov 10 '21 at 03:08

Peter Mortensen

30,738
21
105
131

answered Jan 22 '11 at 14:37

Kamil Tomšík

2,415
2
28
32

2

The permissiveness of browser parsing should not be used as an excuse for creating invalid content. I have personally seen cases with urls like `` where the browser 'helpfully' interpreted it as ``. It **must** always be encoded. Anything else is asking for trouble. – Phrogz Jan 22 '11 at 14:56
@mu is too short: I don't agree. Ampersand is well supported & de facto standard url mechanism. Why would you switch to semicolons? Because of your laziness? URLs are usually generated through template helpers who take care of encoding for you. – Kamil Tomšík Jan 22 '11 at 17:21
@mu is too short: It is much more readable - you're right. But I don't write URLs (with parameters) by hand - system generates them for me and in this case the compatibility is the only important thing. – Kamil Tomšík Jan 22 '11 at 17:56

Guffa · Answer 2 · 2011-01-22T15:07:36.113

2

My personal experience:

The most common usage is using no practice at all; just put it in the code and see if it works in the browser that they happen to have installed.

More seasoned developers will at least check it in several dfferent browsers.

Those who care enough about robustness will validate the code and encode the characters correctly (which means encoding characters inside URLs also).

edited Jan 22 '11 at 15:07

answered Jan 22 '11 at 14:48

Guffa

687,336
108
737
1,005

@Phrogz: Good point. I clarified that it's my personal experience. :) – Guffa Jan 22 '11 at 15:02

What's the de facto practice on ampersand encoding in HTML?

2 Answers2

Linked