Confused about & in entity literal

roddey at roddey at
Mon May 10 19:29:13 BST 1999

>> In this one, there is definitely an ampersand in an entity literal which is
>> part of a numeric character reference or an intrinsic character reference.
>> spec does not seem to day "No raw & in an entity value unless its a numeric
>> or intrinsic ref, or some other reference that's just left unexpanded",
>> It just says that there can be no ampersands in an entity value unless its
>> of a numeric reference or an intrinsic reference.
>Have a closer look at production 9:
>    [9] EntityValue ::=
>         '"' ([^%&"] | PEReference | Reference)* '"' |
>         "'" ([^%&'] | PEReference | Reference)* "'"
>Which _does_ say that you can't have a raw '&' in an entity value etc.
>That's what the excslusion syntax means.

So its like you have to parse the entity value and, if you find an ampersand,
you have to parse it like an entity reference. If it happens to be either a
numeric reference or the name happens to match one of the intrinsic entity
names, then you should expand that and escape the character it generates?
Otherwise, if it happens to look like a reasonable entity reference, I guess you
are supposed to ignore it and just pass it through as is? If it does not look
like a reasonable entity reference, then you give an error?

What about this scenario?

<!ENTITY Foo "&[insert 128K of what is really the rest of a base64 encoded or
encrypted piece of text];">

In this scenario, the entity is an encoded value of some sort, which just
happens to start with an ampersand and end with a semi-colon. It has no illegal
name chars in it and no spaces. You are supposed to buffer up all of that text,
and if it happens to end with a semicolon, assume that it is a legal reference
and pass it through?

Yes I know that the ampersands should have been escaped technically, but how
many parsers would blow up in this situation trying to buffer up that much text?
How would the end user of that text figure out again where the escaped
ampersands are in the text since its basically a totally meaningless sequence of
characters to begin with?

I know that these are pathological cases, but I just want to make sure that I
understand what's required and that everyone has throught it through before I
commit (yet again) to writing this part of the code, since I obviously flubbed
it slightly the first time around.

xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev at
Archived as: and on CD-ROM/ISBN 981-02-3594-1
To (un)subscribe, mailto:majordomo at the following message;
(un)subscribe xml-dev
To subscribe to the digests, mailto:majordomo at the following message;
subscribe xml-dev-digest
List coordinator, Henry Rzepa (mailto:rzepa at

More information about the Xml-dev mailing list