In HTML, does the text inside the img tag's alt attribute require encoding/escaping?

Non encoded example:

<img src="myimg.png" alt="image description" />

Encoded example:

<img src="myimg.png" alt="image%20description" />
+1  A: 

No it does not. Encoding is for URLs as in http://en.wikipedia.org/wiki/Dream%20Theater, which the alt string is not.

You will need to use entity-encoding to escape > as &gt;, and " as &quot;, though. Note that that is different from URI encoding where special characters are encoded as a percent sign plus two hex digits.

John Kugelman
+8  A: 

No, it does not need to be encoded like a URI. However, HTML characters must be encoded, like this...

<img src="myimg.png" alt="Me &amp; my image" />
Josh Stodola
Replace "should" with "must" -- at least if you want to pass a validator
kdgregory
Replace with must if you don't want to be caught out putting quotes in there.
Matthew Scharley
Replace with must if you don't want the yellow screen of death (assuming you are serving your XHTML as application/xhtml+xml, otherwise writing XHTML is just more trouble than it is worth)
David Dorward
You're right guys. Sorry about that. Although with HTML5 on the horizon, I am still not sure how important it is.
Josh Stodola
+3  A: 

They do not require URL encoding, but they do require, as all XHTML attributes do, XHTML entity encoding.

Incorrect:

<img src="foo.gif" alt="Ben & Jerry's" />

Correct:

<img src="foo.gif" alt="Ben &amp; Jerry's" />

You would also need to encode double-quotes within the values, even though you don't have to do that in general text.

Reference:

richardtallent
A: 

You should use HTML encoding (i.e. " becomes &quot;), not URL encoding. If you are using ASP.NET you can achieve this with Server.HtmlEncode or better yet use the HtmlAttributeEncode method in the AntiXSS Library on CodePlex.

Colin Bowern
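
The difference the answers above describe, as an added JavaScript example that is not part of the original thread: the same alt text written into the tag raw, URL-encoded, and entity-encoded, then read back. The function names, the sample alt text, and the simplified `readAlt` reader (a stand-in for a real HTML parser) are assumptions made for the illustration.

```javascript
// Added example: entity-encode text for use inside a quoted HTML attribute.
const ATTR_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtmlAttr(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ATTR_ENTITIES[ch]);
}

// Decode the five entities produced above, in a single pass so that
// "&amp;quot;" comes back as the literal text "&quot;", not as a quote.
function decodeAttr(encoded) {
  const back = { '&amp;': '&', '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'" };
  return encoded.replace(/&(?:amp|lt|gt|quot|#39);/g, (e) => back[e]);
}

// Simplified reader (assumption): a double-quoted value ends at the first raw ".
function readAlt(tag) {
  const m = /\balt="([^"]*)"/.exec(tag);
  return m ? decodeAttr(m[1]) : null;
}

function imgTag(src, alt, encode) {
  return `<img src="${escapeHtmlAttr(src)}" alt="${encode(alt)}" />`;
}

const alt = 'Ben & Jerry\'s "Phish Food" pint'; // constructed sample text
const raw = imgTag('foo.gif', alt, (s) => s);              // no encoding
const urlEncoded = imgTag('foo.gif', alt, encodeURIComponent); // wrong encoding
const entityEncoded = imgTag('foo.gif', alt, escapeHtmlAttr);  // correct encoding

console.log(readAlt(raw));           // value is cut off at the first quote
console.log(readAlt(urlEncoded));    // percent signs are shown literally
console.log(readAlt(entityEncoded)); // original text, intact
```

Only the entity-encoded tag returns the original text: the raw one is truncated at the embedded quote, and the URL-encoded one displays its percent escapes as-is because nothing decodes them in an alt attribute.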