Posted by Andy Hassall on 11/12/77 11:20

On Mon, 4 Jul 2005 13:26:02 +1200, "windandwaves" <winandwaves@coldmail.com>
wrote:

>I was trying to validate my page (www.thestitches.co.nz/prints.php), but
>when I entered it into validator.w3.org, I got a lot of errors from
>PHPSESSIDs that had been added to all links. I did not do anything with
>PHPSESSIDs and furthermore, when I looked at my source in Firefox, the
>PHPSESSID was not visible. What the hell is going on?

PHP's default configuration produces invalid HTML for session IDs appended by
the transparent sid support when cookies aren't being accepted.

Change the following setting:

arg_separator.output = "&amp;"

By default it is "&" which produces unescaped "&" characters in violation of
HTML 4.01 (sec 5.3.2):

"Authors should use "&amp;" (ASCII decimal 38) instead of "&" to avoid
confusion with the beginning of a character reference (entity reference open
delimiter). Authors should also use "&amp;" in attribute values since character
references are allowed within CDATA attribute values."

Looking on bugs.php.net there are bugs submitted against PHP's default
configuration for this, with the developers marking them as "Bogus" when they
aren't.

e.g. http://bugs.php.net/bug.php?id=28554 http://bugs.php.net/bug.php?id=27965

--
Andy Hassall / <andy@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool

[Back to original message]