[xml error]Unescaped & or nonterminated character/entity reference

发布 : 2017-04-01 分类 : IT 浏览 :





Yes. Just as the error said, in HTML, attributes are #PCDATA meaning they’re parsed. This means you can use character entities in the attributes. Using & by itself is wrong and if not for lenient browsers and the fact that this is HTML not XHTML, would break the parsing. Just escape it as & and everything would be fine.

HTML5 allows you to leave it unescaped, but only when the data that follows does not look like a valid character reference. However, it’s better just to escape all instances of this symbol than worry about which ones should be and which ones don’t need to be.

Keep this point in mind; if you’re not escaping & to &, it’s bad enough for data that you create (where the code could very well be invalid), you might also not be escaping tag delimiters, which is a huge problem for user-submitted data, which could very well lead to HTML and script injection, cookie stealing and other exploits.

Please just escape your code. It will save you a lot of trouble in the future.

本文作者 : 小凡
原文链接 : https://16bh.github.io/2017/04/01/xml-error-Unescaped-or-nonterminated-character-entity-reference/
版权声明 : 本博客所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明出处!