# Bad value “X” for attribute “href” on element “a”: Illegal character in scheme data: “<” is not allowed.

> Canonical HTML version: https://rocketvalidator.com/html-validation/bad-value-x-for-attribute-href-on-element-a-illegal-character-in-scheme-data-less-than-sign-is-not-allowed
> Attribution: Rocket Validator (https://rocketvalidator.com)
> License: CC BY 4.0 (https://creativecommons.org/licenses/by/4.0/)

A `<` character in an `href` attribute value is not allowed because it is a reserved character in URLs and must be percent-encoded.

The `href` attribute on an `<a>` element must contain a valid URL or URL fragment. Characters like `<`, `>`, `{`, `}`, and others are not permitted directly in URLs according to RFC 3986. The `<` character is especially problematic because browsers and parsers interpret it as the start of an HTML tag, which can break your markup and introduce security risks like XSS vulnerabilities.

This error commonly appears when template syntax (e.g., `{{variable}}`), unescaped user input, or malformed URLs end up inside an `href` value. If you genuinely need a `<` in a URL, it must be percent-encoded as `%3C`. Similarly, `>` should be encoded as `%3E`.

## Example with the issue

```html
<a href="https://example.com/search?q=<value>">Search</a>
```

## How to fix it

Percent-encode the special characters in the URL:

```html
<a href="https://example.com/search?q=%3Cvalue%3E">Search</a>
```

If you're generating URLs dynamically on the server side, use your language's built-in URL encoding function (e.g., `encodeURIComponent()` in JavaScript, `urlencode()` in PHP) to ensure all special characters are properly escaped before inserting them into `href` attributes.