Heavily illegal. The special characters should be encoded, as usual,
as %xx. (This is because ACTION specifies a URL.)
> > ...form goes here
> > </form>
>
> > My question relates to how the i/o redirection character (or any special
> > character) is to be treated when used within quotes inside of a standard
> > HTML directive. Should special characters be completely protected when
> > quoted inside of a directive?? Does it make sense to specify that escapes
> > such as > be used within quoted strings? Where should this go in the
> > spec? (I looked for it, and can't find it - please point me there if I
> > missed it.
>
> Page 331 of Goldfarb's SGML Handbook says that parsers derive the attribute
> value from the attribute value literal (the stuff between the quote marks)
> by replacing any entity references or character references within the literal
> and then normalising by replacing any contiguous whitespace by a single
> space character. Note you can use " or ' as quote marks for attribute value
> literals.
>
> Thanks for pointing out this topic - it is rather obscure and clearly needs
> to be included in the HTML+ spec. I can garantee that most browsers are
> currently doing the wrong thing for attributes!
Bleah. Let's be more restrictive. An encoding method exists for URLs
anyway; other attributes/values can be limited to reasonable characters.
This keeps things simple.
Marc