# Bad value X for attribute “href” on element “a”: Illegal character in query. Y is not allowed.

> Canonical HTML version: https://rocketvalidator.com/html-validation/bad-value-x-for-attribute-href-on-element-a-illegal-character-in-query-y-is-not-allowed
> Attribution: Rocket Validator (https://rocketvalidator.com)
> License: CC BY 4.0 (https://creativecommons.org/licenses/by/4.0/)

A URL in an `href` attribute contains a character that must be percent-encoded before it can appear in a query string.

URLs follow the syntax rules defined in [RFC 3986](https://www.rfc-editor.org/rfc/rfc3986). The query component of a URL (everything after the `?`) allows a specific set of characters: unreserved characters (`A-Z`, `a-z`, `0-9`, `-`, `.`, `_`, `~`), sub-delimiters (`!`, `$`, `&`, `'`, `(`, `)`, `*`, `+`, `,`, `;`, `=`), plus `:`, `@`, `/`, and `?`. Characters outside this set, such as `{`, `}`, `|`, `^`, `[`, `]`, spaces, and non-ASCII characters like `é` or `ñ`, are illegal in their raw form and must be percent-encoded.

Percent-encoding replaces each disallowed byte with a `%` followed by its two-digit hexadecimal value. For example, a space becomes `%20`, a pipe `|` becomes `%7C`, and `{` becomes `%7B`.

Common causes of this error include:

- Pasting a URL directly from a browser address bar or CMS that displays decoded characters.
- Using curly braces for template placeholders in URLs without encoding them.
- Including spaces or non-ASCII characters in query parameter values.

## HTML examples

### Invalid: raw illegal characters in the query string

```html
<a href="https://example.com/search?q=hello world&cat=sci|tech">Search</a>
```

The space between `hello` and `world` and the pipe `|` between `sci` and `tech` are not allowed in a URL query.

### Valid: percent-encoded characters

```html
<a href="https://example.com/search?q=hello%20world&cat=sci%7Ctech">Search</a>
```

Each illegal character is replaced with its percent-encoded equivalent: space is `%20` and `|` is `%7C`.