# Bad value for attribute “href” on element “a”: Illegal character in scheme data: “\” is not allowed.

> Canonical HTML version: https://rocketvalidator.com/html-validation/bad-value-for-attribute-href-on-element-a-illegal-character-in-scheme-data-is-not-allowed
> Attribution: Rocket Validator (https://rocketvalidator.com)
> License: CC BY 4.0 (https://creativecommons.org/licenses/by/4.0/)

The W3C HTML Validator raises this error when it encounters a backslash character (`\`) inside the `href` attribute of an anchor element. According to the WHATWG URL Standard, backslashes are not valid characters in URL scheme data. URLs are defined with forward slashes (`/`) as delimiters — this applies to all parts of a URL, including the scheme, authority, path, query, and fragment.

This issue most commonly occurs when developers copy file paths from Windows operating systems, where backslashes are the default path separator (e.g., `C:\Users\Documents\file.html`), and paste them directly into HTML markup. It can also happen when server-side code generates URLs using OS-level path functions that produce backslashes on Windows.

### Why this matters

- **Standards compliance:** The WHATWG URL Standard explicitly forbids backslashes in scheme data. Validators flag this as an error because the resulting URL is malformed.
- **Cross-browser inconsistency:** While some browsers may silently correct backslashes to forward slashes, this behavior is not guaranteed across all browsers or versions. Relying on browser error correction leads to fragile code.
- **Broken links:** Certain browsers, HTTP clients, or intermediary servers may not auto-correct the backslash, causing the link to fail entirely — resulting in 404 errors or unexpected navigation.
- **Security concerns:** Backslashes in URLs can be exploited in certain attack vectors like open redirects or path traversal attacks. Using well-formed URLs reduces the attack surface.

### How to fix it

1. **Replace all backslashes (`\`) with forward slashes (`/`)** in your `href` values.
2. **Check for URL generation in server-side code.** If your application builds URLs programmatically, ensure it uses forward slashes regardless of the host operating system.
3. **Use relative or absolute URLs consistently.** Whether the URL is relative (`images/photo.jpg`) or absolute (`https://example.com/images/photo.jpg`), always use forward slashes.

## Examples

### Incorrect: backslashes in a relative path

```html
<a href="pages\about\team.html">Meet the Team</a>
```

### Correct: forward slashes in a relative path

```html
<a href="pages/about/team.html">Meet the Team</a>
```

### Incorrect: backslashes in an absolute URL

```html
<a href="https://example.com\blog\2024\post.html">Read the Post</a>
```

### Correct: forward slashes in an absolute URL

```html
<a href="https://example.com/blog/2024/post.html">Read the Post</a>
```

### Incorrect: Windows file path pasted directly

```html
<a href="assets\downloads\report.pdf">Download Report</a>
```

### Correct: converted to a proper relative URL

```html
<a href="assets/downloads/report.pdf">Download Report</a>
```

### Incorrect: mixed slashes

Sometimes a URL contains a mix of forward and backslashes, which also triggers this error:

```html
<a href="https://example.com/images\photos\sunset.jpg">View Photo</a>
```

### Correct: all forward slashes

```html
<a href="https://example.com/images/photos/sunset.jpg">View Photo</a>
```

A quick way to audit your HTML files is to search for `\` within any `href` (or `src`, `action`, etc.) attribute values and replace them with `/`. In most code editors, you can use find-and-replace scoped to attribute values to handle this efficiently.