how to encode href attribute in HTML

荒凉一梦 提交于 2019-11-30 07:59:16

问题


What should be done against contents of href attribute: HTML or URL encoding?

<a href="???">link text</a>

On the one hand, since href attribute contains URL I should use URL encoding. On the other hand, I'm inserting this URL into HTML, so it must be HTML encoded.

Please help me to overcome this contradiction.

Thanks.


EDIT:

Here's the contradiction. Suppose there might be the '<' and '>' characters in the URL. URL encoding won't escape them, so there will be reserved HTML characters inside the href attribute, which violates the standard. HTML encoding will escape '<' and '>' characters and HTML will be valid, but after that there will be unexpected '&' characters in the URL (this is reserved character for URL, it's used as a delimiter of query string parameters).

Reserved URL characters forms a superset of reserved HTML characters except for the '<' and '>' that are reserved for HTML but not for URL.


EDIT 2:

I was wrong about '<' and '>' characters, they are actually percent escaped by URL encoding. If so, URL encoding is sufficient in this case, isn't it?


回答1:


Construct a URL as normal. Follow the rules for constructing URLs. Encode data you put into it.

Then construct HTML as normal. Follow the rules for constructing HTML. Encode data as you put it into it.

i.e. Do both (but in the right order).

They aren't mutually exclusive, so there is no contradiction.

For example (this is a simplified example that assumes data in $_GET is correct and exists, don't do that in the real world):

$search_term = $_GET['q'];
$page = $_GET['page'];
$next_page = $page + 1;
$next_page_url = 'http://example.com/search?q=' . urlencode($search_term) . '&page=' . urlencode($page);
$html = '<a href="' . htmlspecialchars($next_page_url) . '">link text</a>';


来源:https://stackoverflow.com/questions/10189489/how-to-encode-href-attribute-in-html

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!