HTML: Should I encode greater than or not? ( > > )

Question

When encoding possibly unsafe data, is there a reason to encode >?

• It validates either way.
• The browser interprets the same either way

Answer 1

Strictly speaking, to prevent HTML injection, you need only encode < as <.

If user input is going to be put in an attribute, also encode " as ".

If you're doing things right and using properly quoted attributes, you don't need to worry about >. However, if you're not certain of this you should encode it just for peace of mind - it won't do any harm.