Escaping requirements for the input tag's value attribute

Question

What are the requirements for character escaping in the input tag's value attribute in the HTML markup?

Is it just double quotes that need to be escaped? HTML special characters as well?

I tried looking through the W3C spec, but I couldn't find any specific details on how stuff should be put into the value attribute.

I suppose it goes without saying that " should be escaped to ", but what about the others? Both escaping and not escaping seem to work just fine in all my browsers, but I don't want to pick the unstandard one and wind up with broken HTML or &.

Answer 1

Attribute values only need to have their quote marks escaped.

If the attribute uses double quotes, replace double quotes with ".

If your attribute is contained within single quotes, escape the single quotes in the string with '. Note: don't use '!

These are all valid HTML:

<input value=foo>
<input value="foo">
<input value='foo'>

Note: quotes aren't required to be valid HTML. XHTML however does require quotes. Without quotes, you can't have spaces in the attribute value.