On Thu, Aug 5, 2010 at 8:51 PM, Adam Richardson <simples...@gmail.com> wrote:

> I would suggest that saying <tag attribute='bar' /> is "the wrong way" is a
> rather strong assessment.  Whether you're talking about SGML (the
> grandparent), XML (the parent), or XHTML, the use of a single quote is
> perfectly valid, and has served a purpose since inception.  If I'm crafting
> markup and embedding something that has a double quote within an attribute
> (oftentimes an alt attribute on an image), I don't hesitate to use the
> single quote as the attribute delimiter.  That said, it's often easier if
> you standardize on one, and most choose to use double quotes as the default
> delimiter.

> That said, if there are some sources to point to that make a case for the
> deprecation of single quotes in (X)HTML attributes, please let me know.

Well, most people use htmlspecialchars() to encode text for safe
display to a browser.

By default, it only encodes double quotes:

"The default mode, ENT_COMPAT, is the backwards compatible mode which
only translates the double-quote character and leaves the single-quote

We've run into issues where we thought our forms were fairly secure,
but some people decided to echo "<input type='string' value='$foo' />"
type stuff, which works fine if you encapsulate attributes in double
quotes, but in single quotes, we found out that anyone who had a
single quote in that value would break the page.

Now, I typically use a central wrapper function for encoding and
decoding, and if it was in use there, sure, I could have thrown in
ENT_QUOTES and solved that issue.

However, the vast majority of everything uses double quotes, and there
is not really a reason to NOT use them.

Of course, I put it out there like that to simply push it because it
should be appropriate for everyone. You are right though - it WILL
work with single quotes (as we can see), but I recommend a single way
of doing things to keep things consistent, and it has been the
unspoken standard everywhere I've ever looked for markup...

(Funny enough, that page has an example with a single quoted attribute)

Leave the single quotes for parameters, indexes, code, not attributes - $.02

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
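
The failure described in the message above, as an added example that is not part of the original post: the same value is rendered into single-quoted and double-quoted attributes under `ENT_COMPAT` and `ENT_QUOTES`, then parsed back to see whether it survived. The flags are passed explicitly because PHP 8.1 changed the `htmlspecialchars()` default from `ENT_COMPAT` to `ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401`; the field name, sample values and helper functions are constructed for illustration, and the DOM extension is assumed to be available.

```php
<?php
// Added example: field name and sample values are constructed for illustration.

// Single-quoted attribute delimiters, as in the echo statement from the post.
function render_single_quoted(string $value, int $flags): string
{
    return "<input type='text' name='foo' value='"
        . htmlspecialchars($value, $flags, 'UTF-8') . "' />";
}

// Double-quoted attribute delimiters.
function render_double_quoted(string $value, int $flags): string
{
    return '<input type="text" name="foo" value="'
        . htmlspecialchars($value, $flags, 'UTF-8') . '" />';
}

// Parse the markup with an HTML parser and return what ended up in "value".
function parsed_value(string $html): string
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // broken markup is expected
    $doc->loadHTML('<html><body><form>' . $html . '</form></body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input instanceof DOMElement ? $input->getAttribute('value') : '';
}

$samples = ["O'Brien", 'say "hi"', "it's \"both\""];
$cases = [
    'single quotes + ENT_COMPAT' => fn($v) => render_single_quoted($v, ENT_COMPAT),
    'single quotes + ENT_QUOTES' => fn($v) => render_single_quoted($v, ENT_QUOTES),
    'double quotes + ENT_COMPAT' => fn($v) => render_double_quoted($v, ENT_COMPAT),
    'double quotes + ENT_QUOTES' => fn($v) => render_double_quoted($v, ENT_QUOTES),
];

foreach ($cases as $label => $render) {
    foreach ($samples as $sample) {
        $html = $render($sample);
        $status = parsed_value($html) === $sample ? 'intact' : 'BROKEN';
        printf("%-27s %-7s %s\n", $label, $status, $html);
    }
}
```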
