Should the percent symbol (%) always be HTML-escaped?

In URLs, the percent sign (%) has a special meaning, so it should be escaped. In HTML, it does not, so it is not necessary to escape it.


I'd like to add this - if you use javascript in href, you are in troubles too. Check this example:

http://jsfiddle.net/cs4MZ/

One of the workarounds might be using onclick instead of href.


I agree with the chosen answer, but would like to qualify the statement “it is not necessary to escape it.”

If you have a need (or desire) to escape a percentage sign in HTML code, (and there are good reasons to do this with any potentially ambiguous character or symbol) then I would highly recommend using the percentage entity code % as opposed to any numeric code. (those I use when there is no entity name you could use)

That was the answer I was looking for when I found this page, because I forgot it looses the final "e".

We should probably all be using at least the entities kindly listed here. (whoever Webmasterish is; thank you)

Reasoning: Numeric codes (and particularly byte codes from unencoded characters) change with code–pages, on systems using different default languages, and / or different operating systems. (Windows and Mac using slightly different code sets for “English” being the classic, which still plagues plain–text eMail sent between Apple Mail and Outlook) This is slowing down, and should stop with UTF, but I'm still seeing it pop up.

If you're converting HTML to some other mark–up, (note, I used "&ndash;" not a "-", or even "&minus;" for the same reason) such as LaTeX, DVI, PostScript or even MarkDown, then it's useful to completely squash any ambiguity… And those processes tend to happen on the information you least expect to be used in such a way when you initially write it. So just get used to doing it everywhere and be grateful to your former self for having had the foresight to do so. Probably years down the line, when you're looking to update formulae to be more readable by utilising MathJax or such, and keep picking up hyphenated words. <swearmarks>

Tags:

Html

Encoding