How do you use character entities in HTML (e.g.,  , <, >)?

How do you use character entities in HTML (e.g.,  , )?

Character entities in HTML are used to display reserved characters or symbols that cannot be directly included in the HTML source code. These are typically represented with an ampersand (&) followed by either a mnemonic or a numeric reference, and concluded with a semicolon (;). Here’s how you use some common character entities:

•  : This represents a non-breaking space. It is used to prevent line breaks between words or other page elements. For example, <p>Hello World</p> ensures that "Hello" and "World" stay on the same line.
• : This stands for "less than" and is used to display the

  in text, you would write <p></p>.

• >: This represents "greater than" and is used to display the > symbol. For example, to show the closing HTML tag as text, you would use .

These entities help browsers render text and symbols correctly that would otherwise be interpreted as HTML code.

What are some common HTML character entities and their uses?

Here are some common HTML character entities and their uses:

• &: Represents the ampersand (&). It’s used to display another entity or to include an ampersand in text. For example, © to display a copyright symbol.
• ©: Represents the copyright symbol (©). It's used to denote copyright information, like © 2023 John Doe.
• ®: Represents the registered trademark symbol (®). Used for branding purposes, such as ® BrandName.
• ": Represents double quotation marks ("). Useful in attributes or to include quotes in text, e.g., <a title='"Quote"'>Link</a>.
• ': Represents a single quotation mark ('). Useful in attributes or to include single quotes in text, e.g., <a title="It's great">Link</a>.

These entities ensure that special characters are displayed correctly and prevent them from being interpreted as HTML code.

How can character entities help in preventing HTML injection attacks?

Character entities play a crucial role in preventing HTML injection attacks, such as cross-site scripting (XSS). HTML injection occurs when malicious code is inserted into a website through user input. By converting special characters into their corresponding HTML entities, you can prevent browsers from interpreting these characters as code. Here's how it helps:

• Escaping User Input: When displaying user-supplied data, converting , <code>>, &, ' and " into , <code>>, &, ', and " respectively, ensures that any injected HTML or JavaScript code is rendered as plain text instead of being executed.
• Preventing Code Execution: For example, if a user tries to inject <script>alert('XSS')</script>, by converting it to <script>alert(&amp;amp;apos;XSS&amp;amp;apos;)</script>, the browser displays the text rather than executing the script.

This practice is known as "escaping" and is a standard security measure in web development to safeguard against HTML injection vulnerabilities.

Where can I find a comprehensive list of HTML character entities?

A comprehensive list of HTML character entities can be found in several authoritative sources:

• W3C (World Wide Web Consortium): The W3C provides an extensive list of named character references in their HTML specification. You can find it at [https://html.spec.whatwg.org/multipage/named-characters.html#named-character-references](https://html.spec.whatwg.org/multipage/named-characters.html#named-character-references).
• HTML Living Standard: The HTML Living Standard, maintained by the WHATWG, also contains a complete list of named character references at [https://html.spec.whatwg.org/multipage/entities.json](https://html.spec.whatwg.org/multipage/entities.json).
• Mozilla Developer Network (MDN): MDN offers a detailed list of HTML entities along with their descriptions and usage examples at [https://developer.mozilla.org/en-US/docs/Glossary/Entity](https://developer.mozilla.org/en-US/docs/Glossary/Entity).

These resources provide detailed information about HTML character entities, including their numeric and named representations, making them invaluable for web developers and designers.

The above is the detailed content of How do you use character entities in HTML (e.g.,  , <, >)?. For more information, please follow other related articles on the PHP Chinese website!