我真的需要编码 '&'作为“&"? [英] Do I really need to encode '&' as '&'?
问题描述
我在我网站的
中使用带有 HTML5 和 UTF-8 的&
"符号.谷歌在其SERP上显示&符号罚款,标题中的所有浏览器也是如此.>
http://validator.w3.org 给了我这个:
<块引用>&没有开始字符引用.(& 可能应该被转义为 &
.)
我真的需要做&
吗?
我不会为了验证而对我的页面进行验证,但我很想听听人们对此的看法,以及它是否重要以及为什么.
是的.正如错误所说,在 HTML 中,属性是 #PCDATA 意味着它们被解析.这意味着您可以在属性中使用字符实体.单独使用 &
是错误的,如果不是对于宽松的浏览器以及这是 HTML 而不是 XHTML 的事实,将会破坏解析.将它转义为 &
一切都会好起来的.
HTML5 允许您不转义它,但前提是后面的数据看起来不像有效的字符引用.然而,与其担心哪些应该是,哪些不需要,不如逃避这个符号的所有实例.
记住这一点;如果你没有逃避 &到 &,对于您创建的数据(其中代码很可能无效)来说,这已经够糟糕了,您也可能没有转义标记分隔符,这对于用户提交的数据来说是一个巨大的问题,这很可能会导致HTML 和脚本注入、cookie 窃取和其他攻击.
请转义您的代码.以后会省去很多麻烦.
I'm using an '&
' symbol with HTML5 and UTF-8 in my site's <title>
. Google shows the ampersand fine on its SERPs, as do all the browsers in their titles.
http://validator.w3.org is giving me this:
& did not start a character reference. (& probably should have been escaped as
&
.)
Do I really need to do &
?
I'm not fussed about my pages validating for the sake of validating, but I'm curious to hear people's opinions on this and if it's important and why.
Yes. Just as the error said, in HTML, attributes are #PCDATA meaning they're parsed. This means you can use character entities in the attributes. Using &
by itself is wrong and if not for lenient browsers and the fact that this is HTML not XHTML, would break the parsing. Just escape it as &
and everything would be fine.
HTML5 allows you to leave it unescaped, but only when the data that follows does not look like a valid character reference. However, it's better just to escape all instances of this symbol than worry about which ones should be and which ones don't need to be.
Keep this point in mind; if you're not escaping & to &, it's bad enough for data that you create (where the code could very well be invalid), you might also not be escaping tag delimiters, which is a huge problem for user-submitted data, which could very well lead to HTML and script injection, cookie stealing and other exploits.
Please just escape your code. It will save you a lot of trouble in the future.
这篇关于我真的需要编码 '&'作为“&amp;"?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!