# Bad value for attribute “href” on element “a”: Illegal character in query: space is not allowed.

> Canonical HTML version: https://rocketvalidator.com/html-validation/bad-value-for-attribute-href-on-element-a-illegal-character-in-query-space-is-not-allowed
> Attribution: Rocket Validator (https://rocketvalidator.com)
> License: CC BY 4.0 (https://creativecommons.org/licenses/by/4.0/)

The `href` attribute expects a valid URL, and URLs follow strict syntax rules defined by [RFC 3986](https://datatracker.ietf.org/doc/html/rfc3986). Under these rules, spaces are not permitted anywhere in a URL — not in the path, the query string, the fragment, or any other component. When a browser encounters a space in an `href`, it may attempt to fix the URL by encoding the space automatically, but this behavior is not guaranteed to be consistent across all browsers and contexts. Relying on browsers to silently correct invalid URLs is fragile and can lead to broken links.

This matters for several reasons. First, **standards compliance**: the W3C validator flags this because the HTML specification requires `href` values to be valid URLs. Second, **interoperability**: while most modern browsers handle spaces gracefully on navigation, other consumers of your HTML — such as web crawlers, screen readers, link checkers, and APIs that parse HTML — may not. Third, **accessibility**: assistive technologies rely on well-formed URLs to correctly announce and follow links. A malformed URL could lead to unexpected behavior for users depending on these tools.

The fix is straightforward: replace every literal space character with `%20`. This is called **percent-encoding** (sometimes called URL encoding). The sequence `%20` is the hexadecimal representation of the space character (ASCII code 32). In the query string portion of a URL specifically, you may also see `+` used to represent spaces (as defined by the `application/x-www-form-urlencoded` format), but `%20` is universally valid across all parts of a URL and is the safer choice.

Be aware that spaces can sometimes be hard to spot, especially trailing spaces or spaces introduced by template engines and CMS platforms that concatenate URL parts. If you're generating URLs dynamically (e.g., in a server-side template or JavaScript), use built-in encoding functions like `encodeURIComponent()` in JavaScript or `urlencode()` in PHP rather than manually replacing spaces.

## Examples

### Incorrect: space in the query string

```html
<a href="search.html?q=my search">Search for 'my search'</a>
```

The literal space between `my` and `search` makes this an invalid URL.

### Correct: space replaced with `%20`

```html
<a href="search.html?q=my%20search">Search for 'my search'</a>
```

### Incorrect: spaces in the path

```html
<a href="/files/my document.pdf">Download the document</a>
```

Spaces in the path segment are equally invalid.

### Correct: spaces in the path encoded

```html
<a href="/files/my%20document.pdf">Download the document</a>
```

### Incorrect: multiple spaces across path and query

```html
<a href="/product catalog/items?name=red shoes&category=on sale">Red Shoes</a>
```

### Correct: all spaces encoded

```html
<a href="/product%20catalog/items?name=red%20shoes&amp;category=on%20sale">Red Shoes</a>
```

Note that in addition to encoding the spaces, the `&` in the query string should be written as `&amp;` in HTML to avoid being interpreted as the start of an HTML entity.

### Using JavaScript to encode URLs dynamically

If you're building URLs in JavaScript, use `encodeURIComponent()` for individual parameter values or `encodeURI()` for full URLs:

```html
<script>
  const query = "my search";
  const url = "search.html?q=" + encodeURIComponent(query);
  // Result: "search.html?q=my%20search"
</script>
```

This approach prevents encoding issues by handling all special characters automatically — not just spaces, but also characters like `#`, `&`, `=`, and others that have special meaning in URLs.