Contains an attribute with an unsafe character

This means that the URL in question contains DOM elements which use an unsafe character, such as &, ", > or <.

Why is this important?

Characters can be unsafe for a number of reasons. The characters "<" and ">" are unsafe because they are used as the delimiters around URLs in free text; the quote mark (""") is used to delimit URLs in some systems. Other characters are unsafe because gateways and other transport agents are known to sometimes modify such characters. These characters are "{", "}", "|", "\", "^", "~","[", "]", and "`".

Such characters are considered unsafe because they make the page vulnerable to a cross-site-scripting attack (or accidentally breaking the page with innocent input).

What does the Hint check?

This Hint will trigger for any internal HTML URL that contains DOM elements which use unsafe characters in an attribute.

Examples that trigger this Hint:

The Hint would trigger for URLs that contain any unsafe character, for example:

<img src="jon&snow.jpg" alt="King in the North">

How do you resolve this issue?

If the page contains unsafe characters, replace the characters with permissible ones. To understand where the issues lie, you will need to investigate further using a HTML validation service. Within Sitebulb, you can jump straight to the corresponding W3 Validation page through the URL List.

To debug in the browser, install a HTML validation Chrome extension and run validation across the page.

Further Reading

• Debugging HTML (MDN Web Docs)