# Bad value X for attribute “href” on element “a”: Illegal character in path segment. “[” is not allowed.

> Canonical HTML version: https://rocketvalidator.com/html-validation/bad-value-x-for-attribute-href-on-element-a-illegal-character-in-path-segment-square-bracket-is-not-allowed
> Attribution: Rocket Validator (https://rocketvalidator.com)
> License: CC BY 4.0 (https://creativecommons.org/licenses/by/4.0/)

Square brackets (`[` and `]`) are not valid characters in a URL path and must be percent-encoded.

The HTML specification requires that the `href` attribute on an `<a>` element contains a valid URL. According to RFC 3986, square brackets are reserved characters that are only permitted in the host component of a URI (specifically for IPv6 addresses like `[::1]`). When they appear in the path, query, or fragment components, they must be percent-encoded as `%5B` for `[` and `%5D` for `]`.

This commonly happens with URLs that contain array-like query parameters (e.g., `filter[status]=active`) or paths that include brackets for some framework-specific routing convention.

To fix the issue, replace every `[` with `%5B` and every `]` with `%5D` in the URL path or query string.

## HTML examples

### Invalid: square brackets in the URL

```html
<a href="/products?filter[color]=red&filter[size]=large">
  Red, large products
</a>
```

### Valid: percent-encoded square brackets

```html
<a href="/products?filter%5Bcolor%5D=red&filter%5Bsize%5D=large">
  Red, large products
</a>
```

The encoded version is functionally equivalent. Most web servers and frameworks will decode `%5B` and `%5D` back to `[` and `]` automatically when processing the request.