W3C home > Mailing lists > Public > www-validator@w3.org > February 2005

Re: Ampersands in the HTTP Header

From: Richard Neill <rn214@hermes.cam.ac.uk>
Date: Fri, 25 Feb 2005 03:29:55 +0000
Message-ID: <421E9BB3.20300@hermes.cam.ac.uk>
To: Liam Quinn <liam@htmlhelp.com>, www-validator@w3.org



Liam Quinn wrote:
> On Fri, 25 Feb 2005, Richard Neill wrote:
> 
> 
>>I read your page on Ampersands in URLs, and duly arranged all my
>>URLs to be like this:
>>
>><a href="http://www.example.com/index.php?foo=bar&amp;baz=wombat"> link</a>
>>
>>So far, so good. BUT, if one does the same thing with HTTP headers, eg 
>>this fragment of PHP:
>>
>>
>>$redirect_location='http://www.example.com/index.php?foo=bar&amp;baz=wombat';
>>header("Location: $redirect_location");
>>
>>then it will fail. It is necessary (tested in both Konqueror and 
>>Mozilla) to use '&' , NOT '&amp;' in this case. Otherwise, the '&amp;' 
>>is not evaluated, and the index.php script does not get to know the 
>>value of baz.
> 
> 
> "&" should be escaped as "&amp;" in HTML where "&" has a special meaning
> (as the start of an entity or character reference).  HTTP headers are not
> HTML, and "&" does not have a special meaning in HTTP headers.
> 

Thanks for your help,

In that case, may I suggest that the Validator should check for (and 
flag as an error) this point.

Best wishes

Richard




-- 
rn214@hermes.cam.ac.uk  **  http://www.richardneill.org
Richard Neill, Trinity College, Cambridge, CB21TQ, U.K.
Received on Friday, 25 February 2005 03:29:58 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 25 April 2012 12:14:18 GMT