On 19/06/06, Bennett McElwee <[EMAIL PROTECTED]> wrote:
>> <a href="http://www.example.com/go?s=1&t=2">Go</a>
> Are you sure it's not valid?
Quite sure. Any ampersand appearing in a text node or an attribute is
interpreted as the beginning of an entity reference (e.g. &quot;).
Therefore if you want an ampersand in text or in an attribute (such as
an href), you must encode it as &amp; (or the equivalent Unicode code).
Thanks - still learning ...
I'd assumed that the quotes protected the &, but clearly not.
On the other hand, the snippet:
<a href="s=1&><t=2">a < & &; > &# </a>
passes, so perhaps it's not always necessary to encode &.
Given that one might actually want to check the actual response, I
think a solution would be to add an option to the RE Post-Processor to
decode the response data before scanning.
Clearly the HTML parsing routines need to be checked to ensure that
any links etc are decoded before being used.
S.
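
What decoding before scanning changes, as an added example that is not code from this thread or from the tool under discussion. The regex `HREF_RE`, the function names and the `QUOTED` sample link are assumptions made for illustration; it compares scanning the raw response, decoding the whole response first, and decoding only the captured value.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed samples. LINK is the thread's link with the ampersand encoded;
# QUOTED is a hypothetical link whose query value contains encoded quotes.
LINK = '<a href="http://www.example.com/go?s=1&amp;t=2">Go</a>'
QUOTED = '<a href="/find?q=&quot;a b&quot;&amp;t=2">Find</a>'

# Hypothetical extraction rule, standing in for a regex post-processor.
HREF_RE = re.compile(r'href="([^"]*)"')


def extract_raw(body):
    """Regex over the response exactly as received: entities stay encoded."""
    return HREF_RE.findall(body)


def extract_decode_first(body):
    """Decode the whole response, then scan (the option proposed above)."""
    return HREF_RE.findall(html.unescape(body))


def extract_then_decode(body):
    """Scan the raw response, then decode only the captured values."""
    return [html.unescape(value) for value in HREF_RE.findall(body)]


def query_params(url):
    """Split the query string on '&' as the receiving server would."""
    return parse_qs(urlsplit(url).query, separator="&")


if __name__ == "__main__":
    modes = [("raw", extract_raw), ("decode-first", extract_decode_first),
             ("then-decode", extract_then_decode)]
    for name, fn in modes:
        for sample in (LINK, QUOTED):
            for url in fn(sample):
                print(f"{name:13} {url!r} -> {query_params(url)}")
```

Following the undecoded link sends a parameter named `amp;t` instead of `t`. Decoding the whole response first fixes that case but cuts the `QUOTED` href short at the first decoded quote, which decoding only the captured value avoids.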