Hacker Newsnew | past | comments | ask | show | jobs | submit | _micheee's commentslogin

Seems Like the recommendation changed from supporting ; and & to only using &.

Thinking about it, it is a little surprising as, if I remember correctly, in HTML source you should encode & as & right?


& as an escape character only applies to text nodes. Of course, if you want to display the URL on a page, you have to escape it, but not in the href.

I just found out you may - even in current HTML use entity references in attribute values, it’s just you don’t have to anymore, when the ampersand is not ambiguous.

The spec states it as: “Attribute values are a mixture of text and character references, except with the additional restriction that the text cannot contain an ambiguous ampersand.”

Whereas in the the days before HTML5 this has been mandatory.

> HTML 4.01 Specification – Appendix B.2.2 “Ampersands in URI attribute values”

https://www.w3.org/TR/html401/appendix/notes.html#h-B.2.2

> Unfortunately, the use of the “&” character to separate form fields interacts with its use in SGML attribute values to delimit character entity references.


That's the same as main body text isn't it? And you have to be able to use them so you can escape " just like you have to escape < in main text.

HTML5 standardized how to interpret formerly invalid documents because it was more important to be consistent than to be correct.


You're supposed to escape & anywhere in HTML, not just in text nodes. If you don't (and many don't) it'll probably work, but browser first tries to interpret it as a start of an entity anyway. Even if it is inside a href etc.

That is incorrect. Entities apply to attributes.

In HTML escaping & is kind of optional and the browser just tries to figure out what you mean, but if you are doing things properly you should use &amp; in href attributes.


We do XML processing, albeit with XQuery, as a small business.

It is a very niche solution but actually very stable and quite handy for all kinds of data handling; web-based applications and APIs as it nicely integrates with all kinds of text-based formats such as JSON, CSV or XML.

Yet I can easily comprehend how people get lost in all kinds of standards, meta-standards, DTDs, schemas, namespaces, and modeling the whole enterprise in SOAP.

However, you can do simple things simply and small, but in my experience, most tools promised to solve problems with ever-layered complexities.

Little disclaimer, I am probably biased, as I am with BaseX, an open-source XQuery processor :-)


I am a BaseX user and I really appreciate it! I actually do not mind XML at all. XQuery and BaseX makes searching large numbers of XML file or just one large XML file really easy.


This reminds me of XForms and its fully declarative approach. It allowed you to add interactivity to your HTML without writing code.


We also use BaseX to write restful backends with RestXQ - https://docs.basex.org/12/RESTXQ - the documentation itself is written in XQuery as well and uses a BaseX database as a source.


> Thank you for signing up for the Postbox Beta. We'll be sure to let you know when the Beta is ready.

Man, I’m getting old: just searched my mail and found this mail from… January 26 2009 :-)

I liked it, but it always felt like it “only” added some quality of life functions to Thunderbird.


Not only software but also infrastructure & protocols: N.T.P.: — https://www.newyorker.com/tech/annals-of-technology/the-thor...

I found it quite a good read!


The built-in unbound dns server has support for blocklists, maybe you want to give it a try: https://docs.opnsense.org/manual/unbound.html


Why so rude?


Why?


If they worked at Facebook/Meta they violated their nda and put themself in legal peril.


I think I’ll be fine.

My reasoning is two fold - I haven’t shared anything that could be exploited by anyone. And second, Meta and others in the industry try to share information about how their integrity efforts work so we can learn from each other.


“Legal peril” and “I think” are not compatible, for a rational person. “I know” is where you want to be, before putting yourself in front of one of the largest collections of lawyers on the planet.


This is not some general blanket approach you can take to talking about internal implementations. You are either right, or wrong. There is no middle ground or "I think". If you've signed an NDA around these internal implementations I would wager that NDA came with a clause to not discuss it without consulting Meta, even after your departure.


I feel like your concern is genuine. But maybe overblown. I haven’t shared any trade secrets so I’m confident I’ll be fine.


technical people want technical confirmation

that does not exist, they can’t understand that

you are fine, thank you for the post


And it's obviously BS that companies can abridge a citizen's freedom of speech after the employment agreement ends. If this individual wants to be the case on the lawsuit that's a long time coming, more power to them.

This Supreme Court is not big-tech-friendly; good time to shift up the precedent.


Have you never seen https://engineering.fb.com/? Engineers there blog about their tech tools all the time. "Legal peril" sounds like a bit of a stretch.


These posts are all thoroughly reviewed by comms and legal teams. In onboarding, it’s thoroughly communicated that you need to go through the proper channels to publicly publish anything with technical details.


Those blog posts likely go through legal, privacy and marketing review.

If you think that Facebook wouldn't enforce an NDA, especially on something sensitive like this, I think you are incorrect.


Keep in mind there has to be damages to be in legal peril. Otherwise there can only be social consequences.


Many NDAs include liquidated damages.


Anecdotally none of the NDAs I've signed included one.


This kind of internal tooling and workflow is almost always under NDA.


I really enjoy watching his videos, if only just for pure entertainment.

I never really touched processing or p5js, still I like the way Daniel introduces and teaches core programming concepts. Seems to be a great guy!


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: