Explain Codes LogoExplain Codes Logo

The reference to entity "foo" must end with the ';' delimiter

html
entity-references
html-entities
url-encoding
Anton ShumikhinbyAnton Shumikhin·Mar 8, 2025
TLDR

Did the error "The reference to entity "foo" must end with the ';' delimiter" catch you off-guard? It's because a HTML entity isn't closed with a required semicolon (;). Append ; to the entity reference:

Wrong: &foo Right: &foo;

Close all HTML entities with ; to bypass parsing errors.

Dealing with HTML entities and proper encoding

For including special characters in HTML or XML, entity references are your go-to. They start with an ampersand (&) and end with a semicolon (;). This issue crops up frequently inside element attributes, particularly src in input tags, where you tend to use URL parameters.

Encoding URLs in HTML attributes: No more confusion

Ever included a URL with multiple query parameters? If so, you probably forgot to encode the ampersands (&) in the URL. Sure, even I overlooked it while making a Google Checkout sandbox:

Wrong ⛔:

<!-- Why is there so much & in my life? 🤔 -->
<input src="http://example.com/process?g=product&w=10&h=20">

Right ✔:

<!-- Phew! No more "&" confusion. Yay! 🎉 -->
<input src="http://example.com/process?g=product&amp;w=10&amp;h=20">

In the first example, the HTML parser mistakes &w as the start of an entity reference. But alas, it's just part of a URL query string. Replace & with &amp;, and you're good to go—we're aiming for XHTML compliance here.

Special characters in URLs - No more headaches

When a URL is inside an HTML attribute (like src or href), special characters like ampersand (&) need to be escaped to avoid mixing it up with HTML syntax.

Some developers replace & with &amp;amp; in XHTML or XML. However, that's like throwing a wrench in the works—you would be encoding it twice! Keep it simple. Write & as &amp;.

Beware of common entity misunderstandings

Developers make mistakes when dealing with HTML entities. Like tripping over a stone, it's often avoidable:

  • Omitting the semicolon in entities, e.g., &copy instead of &copy;.
  • Misinterpreting URL ampersands (&) as entity starters within HTML attributes.
  • Using &apos; in HTML, which isn't universally understood. Resort to &lsquo; or &rsquo; for single quotes.

Validate or incur complications

Coding without validation is like sailing without a compass. Validating your code with services like W3C Markup Validation Service helps catch entity mistakes, keeping your code clean and error-free.

Web security considerations when escaping entities

Proper escaping of entities isn't just for code hygiene—it's also a matter of security. Poorly escaped or unescaped entities can lead to Cross-Site Scripting (XSS) attacks. Stay safe with pointers from the OWASP XSS Prevention Cheat Sheet.

explain-codes / Html / The reference to entity "foo" must end with the ';' delimiter
Linked

Do I encode ampersands in <a href...>?

How do I escape ampersands in XML so they are rendered as entities in HTML?

What is &amp used for

How can I escape a single quote?

Single vs Double quotes (' vs ")

Angle bracket (<) without triggering html code

How to build query string with Javascript

Dealing with HTML entities and proper encoding
Linked

Do I encode ampersands in <a href...>?

How do I escape ampersands in XML so they are rendered as entities in HTML?

What is &amp used for

How can I escape a single quote?

Single vs Double quotes (' vs ")

Angle bracket (<) without triggering html code

How to build query string with Javascript