I just found out you may, even in current HTML, use entity references in attribute values; it’s just that you don’t have to anymore when the ampersand is not ambiguous.
The spec states it as: “Attribute values are a mixture of text and character references, except with the additional restriction that the text cannot contain an ambiguous ampersand.”
Whereas in the days before HTML5 this was mandatory.
> HTML 4.01 Specification – Appendix B.2.2 “Ampersands in URI attribute values”
> Unfortunately, the use of the “&” character to separate form fields interacts with its use in SGML attribute values to delimit character entity references.
You're supposed to escape & anywhere in HTML, not just in text nodes. If you don't (and many don't) it'll probably work, but the browser first tries to interpret it as the start of an entity anyway, even if it is inside an href etc.
In HTML escaping & is kind of optional and the browser just tries to figure out what you mean, but if you are doing things properly you should use &amp; in href attributes.
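The ambiguity discussed in the comments above, shown as an added example that is not part of any comment in this thread: Python's standard-library HTML parser stands in for a browser, and the sample URL (with a flag parameter named `copy`) is constructed for illustration. The helper names are hypothetical.

```python
import html
import re
from html.entities import html5  # table of HTML5 character reference names
from html.parser import HTMLParser


class HrefCollector(HTMLParser):
    """Collects href values exactly as the HTML parser decodes them."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        self.hrefs.extend(v for k, v in attrs if k == "href" and v is not None)


def parsed_hrefs(markup):
    collector = HrefCollector()
    collector.feed(markup)
    collector.close()
    return collector.hrefs


def render_link(url, text):
    """Escaped form: & and quotes are encoded before entering the attribute."""
    return '<a href="{}">{}</a>'.format(html.escape(url, quote=True), html.escape(text))


def risky_ampersands(url):
    """Conservative lint: '&name' runs that are also character reference names."""
    pattern = re.compile(r"&([A-Za-z][A-Za-z0-9]*;?)")
    return [m.group(0) for m in pattern.finditer(url) if m.group(1) in html5]


# Constructed sample: the parameter name "copy" collides with the entity &copy
URL = "/search?q=tea&copy&page=2"
raw_markup = '<a href="' + URL + '">results</a>'  # ampersands left unescaped
safe_markup = render_link(URL, "results")         # ampersands written as &amp;

if __name__ == "__main__":
    print(parsed_hrefs(raw_markup))   # "&copy" has been decoded to U+00A9
    print(parsed_hrefs(safe_markup))  # original URL survives the round trip
    print(risky_ampersands(URL))      # parameters worth renaming or escaping
```
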
We do XML processing, albeit with XQuery, as a small business.
It is a very niche solution but actually very stable and quite handy for all kinds of data handling; web-based applications and APIs as it nicely integrates with all kinds of text-based formats such as JSON, CSV or XML.
Yet I can easily comprehend how people get lost in all kinds of standards, meta-standards, DTDs, schemas, namespaces, and modeling the whole enterprise in SOAP.
However, you can do simple things simply and small, but in my experience, most tools promised to solve problems with ever-layered complexities.
Little disclaimer, I am probably biased, as I am with BaseX, an open-source XQuery processor :-)
I am a BaseX user and I really appreciate it! I actually do not mind XML at all. XQuery and BaseX make searching large numbers of XML files or just one large XML file really easy.
We also use BaseX to write restful backends with RestXQ - https://docs.basex.org/12/RESTXQ - the documentation itself is written in XQuery as well and uses a BaseX database as a source.
My reasoning is twofold - I haven’t shared anything that could be exploited by anyone. And second, Meta and others in the industry try to share information about how their integrity efforts work so we can learn from each other.
“Legal peril” and “I think” are not compatible, for a rational person. “I know” is where you want to be, before putting yourself in front of one of the largest collections of lawyers on the planet.
This is not some general blanket approach you can take to talking about internal implementations. You are either right, or wrong. There is no middle ground or "I think". If you've signed an NDA around these internal implementations I would wager that NDA came with a clause to not discuss it without consulting Meta, even after your departure.
And it's obviously BS that companies can abridge a citizen's freedom of speech after the employment agreement ends. If this individual wants to be the case on the lawsuit that's a long time coming, more power to them.
This Supreme Court is not big-tech-friendly; good time to shift up the precedent.
Have you never seen https://engineering.fb.com/? Engineers there blog about their tech tools all the time. "Legal peril" sounds like a bit of a stretch.
These posts are all thoroughly reviewed by comms and legal teams. In onboarding, it’s thoroughly communicated that you need to go through the proper channels to publicly publish anything with technical details.
Thinking about it, it is a little surprising as, if I remember correctly, in HTML source you should encode & as &amp;, right?