I feel like whenever I see the ampersand on this website, it’s followed with “amp;”. I’ve noticed it other places on the internet also. Why does this happen? Is it some programming thing?
The reason is because a programmer at some point decide that & should indicate the start of a special symbol in HTML. In programming parlance this is a means of “escaping” characters which are reserved.
For example, in HTML, things look something like this:
The p in the less than and greater symbol symbols means “paragraph” where the ending version with the slash means “the paragraph is done”.
However, there’s a problem. What if you wanted to actually type out <p> to the end-user and have it not be treated as HTML? You use the ampersand syntax to write < by using < and > by using >.
I want to tell other people how to use our new code, but if I tell them to “just write ÷” it’ll turn my message into “just write ÷” !! So how can we fix this?
What if we make & its own code?
& —> &
&divide; —> ÷ ???
Yes! That’ll work :)
This is how & came to be, and it’s specifically used in HTML as a way to write those symbols above (and escape other a few other symbols for similar reasons we did with &)
As for why & shows up as &, there are 2 main places I can see this happening:
The editor you use to write it automatically converts an & —> &. But the user typed in & (making it &amp;). I think this is most likely. I’m guessing the title of posts automatically do the conversion, but the post body and comments do not because it uses a raw markdown editor
In some contexts the & specifically doesn’t get converted? like how you can write &amp; to get & as opposed to seeing &
Let’s see of I can give a trimmed-down explanation of what “character escapement” is, because others have covered that & in web-land is an escapement character.
The simplest type of escapement is probably quotes.
<span style="color:#323232;">var myString = "This is a string";
</span>
This little line of pseudo-code is roughly what you would write (depending on language) to make a program write the text This is a string into some location in memory, that is, a sequence of numbers that are the standard numbers for representing those letters.
Here, the double-quote character is serving a special purpose, to designate that the characters within the set of quotes represent not instructions for things that the program should do, but instead just bits of data that the program should load.
Now consider: what if the character data that you want to load into memory has an actual double-quote character within it? How does the compiler (the program that turns your code into its own program) know the difference between a double-quote character that’s supposed to serve the special purpose, and a double-quote character that’s just supposed to be a piece of data like the other characters? The answer is escapement.
<span style="color:#323232;">var myString = "This is a "string"";
</span>
Here, the backslash character serves its own special purpose of escaping other characters. When the compiler is reading this code, it knows that whatever character follows the backslash is supposed to be interpreted specially: in this case, the double-quote should not be interpreted as the end of the string, as usual, but as just a character to be put within the string. The backslash doesn’t end up in memory with the other characters, but it tells the compiler how to interpret things.
In web-land, ampersand is an escape character. If you want to embed plain text to be displayed on the screen, within HTML, you need to “escape” special characters that have a non-text purpose normally, in order to get those characters to display as text. Ampersand is the escape character in HTML, and by extension, it also has its OWN escape sequence, which is &.
The reason you see & in places across Lemmy is likely just due to a bug of some kind. Somewhere between when the user is entering this text, and when it later gets displayed, there’s code that’s adding escapement to the text an extra time than is necessary.
Now that there are numbers or names associated with everything, the programmers need a way to tell the browser that this number or text should be used to refer to a symbol. To do this, they use an Escape Character, a symbol that tells the browser to treat what follows as a lookup. That escape character in HTML is the ampersand, so & yen; will display as the symbol for Japanese Yen, ¥. The semicolon denotes the end of the Escape Sequence.
So with Ampersand having a special meaning, to show an actual ampersand you would typically use & amp; and the browser would turn it back into &. However, if you’re not looking at the text in a browser, or if the area where the text is displayed doesn’t understand the & amp; notation, then you will see it exactly as you described.
There are good reasons why software may wish to ignore escape characters, but this likely comes down to human error. There are many programming problems that have been solved for decades, but occasionally you’ll still see them appear in newer software for that reason.
From my own work, I certainly have code that isn’t 100% right, but it works well enough that I instead spend my time in other areas.
It’s because some part of the post is being sanitized to reduce the possibility of a security flaw by someone managing to type in something that could be executed by the server or your web browser in an unexpected way.
In terms of security, Lemmy now performs HTML sanitization on all messages which are submitted through the API or received via federation. Together with the tightened content-security-policy from 0.18.2, cross-site scripting attacks are now much more difficult.
The & symbol is however incorrectly parsed by the sanitizer, which will eventually be patched by the devs.
Add comment