HTML and CSS Reference
In-Depth Information
If a site is dynamically generated from a database, this problem can become more frequent. A SQL database
has no trouble storing a string such as "A&P" in a field, and indeed it is the unescaped string that should be
When you receive data from a database or any other external source, clean it first by escaping these
ampersands. For example, in a Java environment, the Apache Commons library includes a StringEscapeUtils
class that can encode raw data using either XML or HTML rules.
Do not forget to escape ampersands that appear in URL query strings. In particular, a URL such as this:
must become this:;uid=15
This is true even inside href attributes of a elements:
<a href=
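The two layers of escaping described above, shown together in an added Python example (not code from the original page): data values are percent-encoded into the query string, then the whole URL is HTML-escaped for the href attribute. The `/search` path, the `store` parameter and the sample row are constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample row, standing in for values read from a database.
ROW = {"store": "A&P", "uid": "15", "label": 'A&P <"weekly" deals>'}


def build_link(base, params, text):
    """Return an <a> element whose href and text are safely encoded."""
    # Layer 1: percent-encode each value so an "&" inside data ("A&P")
    # cannot be mistaken for the "&" that separates query parameters.
    url = base + "?" + urlencode(params)
    # Layer 2: HTML-escape the whole URL for the attribute context, which
    # turns every separator "&" into "&amp;" and neutralizes quotes.
    href = html.escape(url, quote=True)
    # Text content is HTML-escaped as well.
    return '<a href="{}">{}</a>'.format(href, html.escape(text, quote=False))


class LinkReader(HTMLParser):
    """Collect the href and text the way an HTML parser sees them."""

    def __init__(self):
        super().__init__()
        self.href = None
        self.text = ""

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href")

    def handle_data(self, data):
        self.text += data


def round_trip(markup):
    """Parse markup and return (query parameters, link text)."""
    reader = LinkReader()
    reader.feed(markup)
    reader.close()
    query = parse_qs(urlsplit(reader.href).query)
    return {k: v[0] for k, v in query.items()}, reader.text


if __name__ == "__main__":
    link = build_link("/search", {"store": ROW["store"], "uid": ROW["uid"]}, ROW["label"])
    print(link)
    print(round_trip(link))
```

The round trip shows that a parser recovers the original values unchanged, so escaping at output time loses nothing while keeping stored data unescaped.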