⬅︎ Back to Why is it important to escape & in href attributes in tags?
It really depends on what you have in that attribute.If you have href="?something&=whatever" you run into a problem if you don't escape the '&'.If you have href="?something& whatever" you also run into a problem.Or if you have href="?something&,something" for that matter.So if you know for a fact that the thing after your maybe-entity-name is an equals char, you're probably OK. Otherwise, likely not.
So as long as I always bundle the key and value with a = in between I'm safe.
Not if the unquoted thing is in the value. "?something=&&" behaves identically to "?something=&&".Not to mention the fact that, of course, the unquoted '&' will terminated the key-value pair.
Comment
It really depends on what you have in that attribute.
If you have href="?something&=whatever" you run into a problem if you don't escape the '&'.
If you have href="?something& whatever" you also run into a problem.
Or if you have href="?something&,something" for that matter.
So if you know for a fact that the thing after your maybe-entity-name is an equals char, you're probably OK. Otherwise, likely not.
Replies
So as long as I always bundle the key and value with a = in between I'm safe.
Not if the unquoted thing is in the value. "?something=&&" behaves identically to "?something=&&".
Not to mention the fact that, of course, the unquoted '&' will terminated the key-value pair.