BUG: Special Characters Are Getting Converted Inside String

ID: Q212704

The information in this article applies to:
  • Microsoft Internet Explorer (Programming) versions 3.0, 3.01, 3.02, 4.0, 4.01, 4.01 SP1, 4.01 SP2, 5.0dp1, 5_beta

SYMPTOMS

Internet Explorer converts all instances of named entities inside an HTML document, even when common convention dictates that it should not, such as inside tag attribute quoted strings.

For example, Internet Explorer would treat the following opening anchor tag as if the URL contained a less than (<) symbol in the middle.


<a href="test.asp?param1=value1&ltname=value2">


RESOLUTION

Change any instances of ampersands in the HTML document to the following:

<![CDATA["&amp;"]]>

If the page should be converting the ampersand combination as a named entity, ensure that the named entity is correctly terminated by a semicolon. Change query string parameters for URLs that are not generated by form submittals so they don't use names similar to typical named entities.


STATUS

Microsoft has confirmed this to be a bug in the Microsoft products listed at the beginning of this article.This problem was corrected in Internet Explorer 5.


MORE INFORMATION

Steps to Reproduce Behavior

The following HTML page demonstrates this bug: 

<HTML><HEAD><TITLE>Entity Parsing Demonstration</TITLE></HEAD>
<BODY>
Right-click on the links to see the URL in Properties<p>

<a href="test.asp?param1=value1&current=value2">curren problem</a><BR>
<a href="test.asp?param1=value1&ltname=value2">lt problem</a><BR>

<input type=button value="Hello&gt"><BR>
</BODY>
</HTML>
When viewing this page in Internet Explorer 4, the strings inside the HTML tags are parsed as if they contained entities, despite the common convention of parsing only entities that are terminated by semicolons. As a result, the ampersand-"curren" in the middle first URL is converted to the currency character, the ampersand-"lt" in the middle of the second URL is converted to a less-than symbol, and the ampersand-"gt" and the end of the button value is converted to a greater than symbol.

The incorrectly parsed URLs can be viewed in the Internet Explorer status bar when mousing over the hyperlinks, or by right-clicking on the hyperlink and choosing the Properties option.

NOTE: In Internet Explorer 5, numeric entities may still be converted in inconvenient situations, as in the following example: 

<A HREF="javascript:"dostuff(http://somesite.asp?queryvalue1=%3fstuff%3f’);">

© Microsoft Corporation 1999, All Rights Reserved.
Contributions by Jason Strayer, Microsoft Corporation

Additional query words: kbDSupport

Keywords : kbCustomHTML kbIE300bug kbIE301bug kbIE400bug kbIE401bug kbIE302bug kbIE401sp1bug
Version : WINDOWS:3.0,3.01,3.02,4.0,4.01,4.01 SP1,4.01 SP2,5.0dp1,5_beta
Platform : WINDOWS
Issue type : kbbug


Last Reviewed: November 17, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.