as HTML entities so that browsers or other clients understand your intent. To do this, convert the special characters <, >, &, and " to the corresponding HTML entity designators shown in the following table.
Special character    HTML entity
<                    &lt;
>                    &gt;
&                    &amp;
"                    &quot;
Suppose that you want to display the following string literally in a web page:
Paragraphs begin and end with <p> & </p> tags.
If you send this text to the client browser exactly as shown, the browser will misinterpret it: the <p> and </p> tags will be taken as paragraph markers and the & may be taken as the beginning of an HTML entity designator. To display the string the way you intend, encode the special characters as the &lt;, &gt;, and &amp; entities:
Paragraphs begin and end with &lt;p&gt; &amp; &lt;/p&gt; tags.
The principle of encoding text this way is also useful within tags. For example, HTML tag attribute values usually are enclosed within double quotes, so it's important to perform HTML-encoding of attribute values. Suppose that you want to include a text input box in a form, and you want to provide an initial value of Rich "Goose" Gossage to be displayed in the box. You cannot write that value literally in the tag like this:
<input type="text" name="player_name" value="Rich "Goose" Gossage" />
The problem here is that the double-quoted value attribute includes internal double quotes, which makes the <input> tag malformed. To write it properly, encode the double quotes:
<input type="text" name="player_name" value="Rich &quot;Goose&quot; Gossage" />
When a browser receives this text, it decodes the &quot; entities back to " characters and interprets the value attribute value correctly.
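The encoding rules above as a short Python sketch (an added example, not code from the original text). It encodes the four characters in one pass, shows what goes wrong when & is replaced last, and uses the standard library's HTML parser to check which value attribute a client would actually recover. The function names are chosen here for illustration, and the sketch assumes attribute values are always delimited by double quotes, as in the text.

```python
from html.parser import HTMLParser

# The four replacements from the table above.
ENTITIES = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;"}


def encode_html(text):
    """Encode each special character once, in a single pass over the input."""
    return "".join(ENTITIES.get(ch, ch) for ch in text)


def encode_html_amp_last(text):
    """Deliberately flawed variant: sequential replaces with '&' done last,
    so the '&' that starts each new entity gets encoded a second time."""
    for ch in ("<", ">", '"', "&"):
        text = text.replace(ch, ENTITIES[ch])
    return text


def text_input(name, value, encode=encode_html):
    """Build the <input> tag from the text, encoding both attribute values."""
    return '<input type="text" name="%s" value="%s" />' % (encode(name), encode(value))


class _AttrGrabber(HTMLParser):
    """Records the attributes of the first tag seen, decoded as a client would."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            self.attrs = dict(attrs)


def parsed_value(tag_text):
    """Return the decoded 'value' attribute a tolerant HTML parser recovers."""
    grabber = _AttrGrabber()
    grabber.feed(tag_text)
    grabber.close()
    return (grabber.attrs or {}).get("value")


if __name__ == "__main__":
    name = 'Rich "Goose" Gossage'  # sample value from the text
    print(text_input("player_name", name))
    print(parsed_value(text_input("player_name", name)))
    print(parsed_value(text_input("player_name", name, encode=lambda s: s)))
    print(encode_html_amp_last("<p> & </p>"))
```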
Encoding characters that are special in URLs. URLs for hyperlinks that occur within HTML pages have their own syntax and their own encoding. This encoding applies to attributes within several tags:
<a href="URL">
<img src="URL">
<form action="URL">
<frame src="URL">
Many characters have special meaning within URLs, such as :, /, ?, =, &, and ;. The following URL contains some of these characters: