HTML Guide
The boolean required attribute, if present, indicates that the user must specify a value for the input before the owning form can be submitted.
If this property is not present, the input will be considered as optional. To mark an input as required, it’s enough to include the property without any value, or pass it the required value as in these examples:
Example:
<input type="text" required>
<input type="text" required="required">The sandbox attribute is used with the iframe element to isolate the content of the embedded document from the rest of the page. It helps prevent malicious code from running on your website. However, the value assigned to the sandbox attribute in your iframe element includes both the allow-scripts and allow-same-origin options. This combination essentially removes all the protections that the sandbox attribute provides and allows the embedded document to break out of the sandbox.
To fix this issue, you should remove the allow-scripts and allow-same-origin values from the sandbox attribute. Instead, you should explicitly enable only the permissions that the embedded document requires.
Here’s an example iframe element with the proper use of sandbox:
<iframe src="https://example.com" sandbox="allow-forms allow-popups"></iframe>This iframe element loads the https://example.com URL and has its sandbox attribute set to only allow-forms and allow-popups. This explicitly enables only the permissions that the embedded document may need, while also retaining the protections of the sandbox attribute.
The sizes attribute for an img element requires valid CSS syntax, and auto is not an acceptable value within that attribute.
The sizes attribute allows you to specify a list of media conditions and corresponding sizes for the images. Each condition determines which size of the image should be displayed at different viewport widths, ensuring responsive image delivery. The syntax for sizes should be a comma-separated list of media queries followed by a value denoting the corresponding width of the image. This width value may be in pixels (px) or as a percentage (vw, vh), but auto is not valid in this context.
Here is a breakdown of a correct sizes attribute usage:
- 50vw: This denotes that the image should take up 50% of the viewport’s width.
- (max-width: 600px) 100vw, 50vw: When the viewport is at most 600 pixels wide, the image should occupy the full width (100vw). Otherwise, it should take 50 percent of the viewport width.
Remove “auto” from your sizes value and provide a valid, contextually correct CSS value.
Example
<!DOCTYPE html>
<html lang="en">
<head>
<title>Responsive Images Example</title>
</head>
<body>
<img
src="image.jpg"
sizes="(max-width: 472px) 100vw, 472px"
srcset="image-small.jpg 300w, image-medium.jpg 600w, image-large.jpg 1000w"
alt="A description of the image"
>
</body>
</html>In this example, if the viewport width is less than or equal to 472 pixels, the image will take up the entire width (100vw). For larger widths, the srcset specifies different image files for varying resolutions.
The sizes attribute contains an empty source size, probably due to a trailing comma.
According to the HTML standard, the sizes attribute on the img element must contain a valid source size list. Each size is separated by a comma, and there must not be a trailing comma because that would create an empty entry, which is not allowed.
An example of an invalid sizes attribute:
<img
src="image.jpg"
alt=""
sizes="(min-width: 2200px) 100vw, (min-width: 856px) 461px, (min-width: 784px) 615px, "
srcset="image-2200.jpg 2200w, image-856.jpg 856w">To fix the validation error, remove the trailing comma so the size list does not end with an empty value:
<img
src="image.jpg"
alt=""
sizes="(min-width: 2200px) 100vw, (min-width: 856px) 461px, (min-width: 784px) 615px"
srcset="image-2200.jpg 2200w, image-856.jpg 856w">Each value in the sizes attribute should be a valid media condition and source size, separated only by commas, with no trailing or empty values.
The sizes attribute on the img element must use CSS length units (such as px, vw, em) and not image width descriptors like w.
The sizes attribute defines the intended display size of the image in CSS length units, which helps the browser select the appropriate image from the srcset. Use units like px (pixels) or vw (viewport width percentage), not w, which is used in the srcset descriptors. The srcset attribute specifies different image resources and their width descriptors (e.g., 860w), while sizes reflects the image’s display size in the layout.
Correct usage:
- sizes="(min-width: 568px) 140px" tells the browser the image will be displayed as 140 pixels wide when the viewport is at least 568 pixels wide.
- srcset="photo.png?w=860&q=90 860w" uses w as the descriptor for the image resource’s width.
HTML example:
<img
alt=""
sizes="(min-width: 568px) 140px"
srcset="photo.png?w=860&q=90 860w"
src="photo.png?w=860&q=90">Summary:
- Use CSS units like px, vw, etc. in the sizes attribute.
- Use the w descriptor only in srcset, not in sizes.
The src attribute contains square brackets ([ or ]) in the URL’s query string, which are not permitted in valid HTML URLs.
According to the HTML standard, attribute values such as URLs must conform to valid URI syntax. Unencoded square brackets are reserved characters in URI syntax and must be percent-encoded. Specifically, [ should be replaced with %5B and ] with %5D. This ensures the URL is correctly interpreted by browsers and validators. For example, a URL parameter like sort=[asc] should be coded as sort=%5Basc%5D.
Correct HTML Example:
<iframe src="/page?time=%5Btimestamp%5D"></iframe>Always encode reserved characters in URLs when using them in HTML attribute values to ensure W3C compliance.
An <iframe> element allows to embed an HTML document inside another HTML document, and its src attribute is indicated the source URL of the embedded web page. The query part of that URL contains one or more space characters, which are not allowed, for example:
<iframe src="https://maps.google.it/maps?q=2700 6th Avenue"></iframe>You should properly escape all space characters as %20 like this:
<iframe src="https://maps.google.it/maps?q=2700%206th%20Avenue"></iframe>This error message indicates that there is a backslash (\) used in a URL, which is not a valid character for URL paths.
You’ll need to replace the backslashes with forward slashes (/) in the URL path segments.
Here’s an example of a correct img tag using a valid URL path:
<img src="https://example.com/img/small/photo.png" alt="example image">Also, make sure that the URL is correct and that the image file actually exists in the specified location.
The src attribute on an element <img> contains a character which is not allowed unless properly encoded.
Special characters needing encoding are: :, /, ?, #, [, ], @, !, $, &, ', (, ), *, +, ,, ;, =, as well as % itself.
For example, this image tag is incorrect because the src attribute contains an the unallowed characters [ and ]:
<img src="image[00].svg" alt="logo">Instead, this is the properly percent-encoded src attribute, where [ has been replaced with %5B and ] with %5D.
<img src="image%5B00%5D.svg" alt="logo">Space characters are not allowed in src attributes. Instead, they should be converted to %20. In this example, the first line is invalid and the second is valid:
<img src="https://example.com/?s=some term" alt="description" />
<img src="https://example.com/?s=some%20term" alt="description" />The src attribute on an element <img> contains a character that is not allowed, and should be encoded.
Some typical examples include the pipe character | that should be replaced by its encoded alternative %7C , and the left square bracket [ that needs to be encoded as %5B.
The src attribute on an <img> tag is not allowed to contain space characters. You should replace them with “%20“.
URLs need to be encoded so that special characters area escaped, for example space characters need to be converted to “%20”. All special characters will therefore be converted to a percent sign followed by two hexadecimal characters, to be later decoded. In case a percentage sign (%) is found without being followed by two hexadecimal digits, a decoding error will be raised.
The most probable cause is an URL that contains a % that has not been properly encoded to %25 which is the code for the percent sign. For example:
<!-- This is invalid as the percentage sign has not been properly encoded -->
<img alt="" src="https://example.com/img.jpg?width=48%" />
<!-- This is valid as the percentage sign has been encoded as %25 -->
<img alt="" src="https://example.com/img.jpg?width=48%25" />To fix the issue of having a bad value for the src attribute on an img element due to having a tab, new line, or carriage return, you need to ensure that the src attribute does not contain any additional whitespace characters like tab, new line, or carriage return.
Incorrect code:
<img src="images/example.jpg
" alt="Example Image">Corrected code:
<img src="images/example.jpg" alt="Example Image">By removing the extra whitespace characters (new line in this case) and ensuring that the src attribute value is properly enclosed within quotes, the issue should be resolved.
The issue arises from the space character in the src attribute value of the script element. In URLs, spaces are not allowed and should be properly encoded to avoid validation errors.
Fix
Replace spaces with %20, which is the URL-encoded representation of a space.
Example
Before:
<script src="https://example.com/media assets/app.js"></script>After:
<script src="https://example.com/media%20assets/app.js"></script>Explanation
In this example, the space between “media” and “assets” in the URL is replaced with %20. This change ensures that the URL conforms to standards and is correctly processed by browsers and servers. Spaces and other special characters in URLs must be encoded to ensure proper formatting and accessibility.
The src attribute value is malformed, check that it doesn’t contain extraneous characters.
For example, this is invalid because the URL in the src attribute contains a space in between the https: and // parts:
<a href="https: //example.com">Some link</a>To fix this issue, you can try removing the space after “https:” in the URL in the src attribute:
<a href="https://example.com">Some link</a>The srcset property on img elements, when used, requires at least one value. This property is a string which identifies one or more image candidate strings, separated using commas (,) each specifying image resources to use under given circumstances.
Each image candidate string contains an image URL and an optional width or pixel density descriptor that indicates the conditions under which that candidate should be used instead of the image specified by the src property.
Example:
<img
src="/img/cat-200px.png"
alt="Cat"
srcset="
/img/cat-200px.png 1x,
/img/cat-400px.png 2x
">The srcset attribute requires a width descriptor (w) or pixel density descriptor (x) for each image candidate when the sizes attribute is present.
When using the sizes attribute on an img element, each entry in srcset must include either a width descriptor (e.g., 860w) or a pixel density descriptor (e.g., 2x). This tells browsers how to select the most appropriate image source for the current viewport or display density. Omitting the descriptor leads to HTML validation errors and unexpected image selection.
Correct usage with width descriptors:
<img
alt=""
sizes="(min-width:568px) 140px"
srcset="photo.png?w=860&q=90 860w"
src="photo.png?w=860&q=90">Correct usage with pixel density descriptors (if sizes is removed):
<img
alt=""
srcset="photo.png?w=860&q=90 2x"
src="photo.png?w=860&q=90">Key points:
- With sizes, use width descriptors (e.g., 860w).
- Without sizes, you may use pixel density descriptors (e.g., 2x).
- Always use either px or w units in the sizes attribute values; do not use w.
URLs need to be encoded so that special characters area escaped, for example space characters need to be converted to “%20”. All special characters will therefore be converted to a percent sign followed by two hexadecimal characters, to be later decoded. In case a percentage sign (%) is found without being followed by two hexadecimal digits, a decoding error will be raised.
The most probable cause is an URL that contains a % that has not been properly encoded to %25 which is the code for the percent sign. For example:
<!-- This is invalid as the percentage sign has not been properly encoded -->
<img alt="" src="https://example.com/img.jpg?width=48%" />
<!-- This is valid as the percentage sign has been encoded as %25 -->
<img alt="" src="https://example.com/img.jpg?width=48%25" />Ensure all descriptors in the srcset have positive widths greater than zero. In the srcset attribute, each source candidate consists of a URL followed by a width descriptor, which should be a positive integer followed by w.
The issue arises from using 0w, which is not valid as width descriptors must be positive numbers. The srcset attribute allows browsers to choose the appropriate image from different candidates based on device resolution and screen size, so specifying a meaningful width is important.
Here’s how you can fix it:
- Verify that each candidate in the srcset includes a valid URL and a width descriptor greater than zero.
- Decide the relevant width for your images and update the descriptors accordingly.
Here’s a corrected example of how to use the srcset attribute:
<picture>
<source
srcset="/images/icon_small_1x.png 300w,
/images/icon_small_2x.png 600w"
media="(max-width: 600px)">
<img src="/images/icon_fallback.png"
alt="App Logo">
</picture>In this example, each image in srcset has a positive width descriptor: 300w and 600w. This ensures that the browser can make an appropriate choice based on the current viewport and resolution, adhering to the W3C HTML standards.
The srcset property on source elements, when used, requires at least one value.
The <source> HTML element specifies multiple media resources for the <picture>, the <audio> element, or the <video> element. It is a void element, meaning that it has no content and does not have a closing tag. It is commonly used to offer the same media content in multiple file formats in order to provide compatibility with a broad range of browsers given their differing support for image file formats and media file formats.
The srcset attribute is required if the source element’s parent is a <picture> element, but not allowed if the source element’s parent is an <audio> or <video> element.
The sizes attribute is used to complement the srcset attribute on an <img> tag for responsive images. When this attribute is present, all image candidates must specify its width.
The value used in the target property of an <a> element has been identified as a keyword because it starts with an underscore _, but it’s not a valid keyword.
Values starting with an underscore for the target property are used for reserved keywords like _blank, _self, _parent or _top.
The value provided on the type attribute of an a element is not a valid MIME type.
The type attribute expects a MIME type that hints at the linked URL’s format.
The type attribute on <a> elements, when present, gives a hint on the MIME type of the linked resource, for example:
<a href="application/pdf" src="book.pdf">Read our book</a>
<a href="image/jpeg" src="photo.jpeg">See a photo</a>That is, we’re talking about the type of the linked resource, not the type of the <a> element, as it’s sometimes misunderstood. The following example is invalid because button is not a valid MIME type.
<a href="/order.php" type="button">Submit</a>