Re: Quotes vs. Single Quote

On Thu, Aug 5, 2010 at 8:51 PM, Adam Richardson <simpleshot@xxxxxxxxx> wrote:

> I would suggest that saying <tag attribute='bar' /> is "the wrong way" is a
> rather strong assessment.  Whether you're talking about SGML (the
> grandparent), XML (the parent), or XHTML, the use of a single quote is
> perfectly valid, and has served a purpose since inception.  If I'm crafting
> markup and embedding something that has a double quote within an attribute
> (often times an alt attribute on an image), I don't hesitate to use the
> single quote as the attribute delimiter.  That said, it's often easier if
> you standardize on one, and most choose to use double quotes as the default
> delimiter.

> That said, if there are some sources to point to that make a case for the
> deprecation of single quotes in (X)HTML attributes, please let me know.

Well, most people use htmlspecialchars() to encode text for safe
display to a browser.

By default, it only encodes double quotes:
http://php.net/htmlspecialchars

"The default mode, ENT_COMPAT, is the backwards compatible mode which
only translates the double-quote character and leaves the single-quote
untranslated."

We've run into issues where we thought our forms were fairly secure,
but some people decided to echo "<input type='string' value='$foo' />"
type stuff, which works fine if you encapsulate attributes in double
quotes, but in single quotes, we found out that anyone who had a
single quote in that value would break the page.

Now, I typically use a central wrapper function for encoding and
decoding, and if it was in use there, sure, I could have thrown in
ENT_QUOTES and solved that issue.

However, the vast majority of everything uses double quotes, and there
is not really a reason to NOT use them.

Of course, I put it out there like that to simply push it because it
should be appropriate for everyone. You are right though - it WILL
work with single quotes (as we can see), but I recommend a single way
of doing things to keep things consistent, and it has been the
unspoken standard everywhere I've ever looked for markup...

(Funny enough, that page has an example with a single quoted attribute)

Leave the single quotes for parameters, indexes, code, not attributes - $.02

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
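
The behaviour described in the message above, as an added example that is not part of the original post: a value containing an apostrophe is encoded with ENT_COMPAT and with ENT_QUOTES, placed in single-quoted and double-quoted attributes, and read back with an HTML parser. The names `render_input` and `parsed_value` and the sample value are constructed for illustration; the flags are passed explicitly because PHP 8.1 changed the default from ENT_COMPAT to ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401.

```php
<?php
// Added example (not from the thread). Constructed sample value with an apostrophe.
$foo = "O'Brien";

// Encode $value with the given htmlspecialchars() flags and wrap every
// attribute in $quote (either ' or ").
function render_input(string $value, int $flags, string $quote): string
{
    $encoded = htmlspecialchars($value, $flags, 'UTF-8');
    return "<input type={$quote}text{$quote} value={$quote}{$encoded}{$quote} />";
}

// Return the value attribute as an HTML parser sees it, or '' if no
// <input> element could be recovered from the markup.
function parsed_value(string $html): string
{
    libxml_use_internal_errors(true);   // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input === null ? '' : $input->getAttribute('value');
}

$cases = [
    'ENT_COMPAT, single-quoted attribute' => [ENT_COMPAT, "'"],
    'ENT_COMPAT, double-quoted attribute' => [ENT_COMPAT, '"'],
    'ENT_QUOTES, single-quoted attribute' => [ENT_QUOTES, "'"],
    'ENT_QUOTES, double-quoted attribute' => [ENT_QUOTES, '"'],
];

foreach ($cases as $label => [$flags, $quote]) {
    $html = render_input($foo, $flags, $quote);
    // The attribute survived only if the parser hands back the original value.
    $state = parsed_value($html) === $foo ? 'intact' : 'BROKEN';
    printf("%-37s %-7s %s\n", $label, $state, $html);
}
```

Only the ENT_COMPAT row with single-quoted attributes leaves the apostrophe unencoded inside a delimiter of the same kind, so the parser ends the attribute at that character.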