HTML: Should I encode greater than or not? ( > &gt; )

梦如初夏 2020-12-05 09:20

When encoding possibly unsafe data, is there a reason to encode >?

  • It validates either way.
  • The browser interprets the same either way.

6 answers
  •  青春惊慌失措
    2020-12-05 10:12

    Always

    This is to prevent XSS injections (through users using any of your forms to submit raw HTML or JavaScript). By escaping your output, the browser knows not to parse or execute any of it - only display it as text.

    This may feel like less of an issue if you're not dealing with dynamic output based on user input, however it's important to at least understand, if not to make a good habit.
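
An added example, not part of the original answer: an escaper that encodes `>` along with the other HTML-significant characters, plus a simplified model of how a browser finds the end of a start tag, showing the one case from the question where a raw `>` changes the parse (an unquoted attribute value). The names `escapeHtml` and `firstTagEnd` and the sample value are hypothetical, constructed for this illustration.

```javascript
// Escape the five HTML-significant characters, '>' included.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Simplified model of the HTML tokenizer: return the index of the '>' that
// closes the first start tag. A '>' inside a quoted attribute value is data;
// a '>' in an unquoted value (or anywhere else in the tag) ends the tag.
function firstTagEnd(html) {
  let quote = null;        // the quote character we are inside, if any
  let afterEquals = false; // true right after '=', where a quote may open a value
  for (let i = html.indexOf("<") + 1; i > 0 && i < html.length; i++) {
    const ch = html[i];
    if (quote) {
      if (ch === quote) quote = null;
    } else if (ch === ">") {
      return i;
    } else if (afterEquals && (ch === '"' || ch === "'")) {
      quote = ch;
      afterEquals = false;
    } else if (ch === "=") {
      afterEquals = true;
    } else if (!/\s/.test(ch)) {
      afterEquals = false;
    }
  }
  return -1;
}

const untrusted = "a>b"; // constructed sample input
const cases = {
  quotedRaw: `<input value="${untrusted}">`,               // '>' stays inside the value
  unquotedRaw: `<input value=${untrusted}>`,               // '>' closes the tag early
  unquotedEscaped: `<input value=${escapeHtml(untrusted)}>`, // '&gt;' keeps the tag intact
};
for (const [name, html] of Object.entries(cases)) {
  const end = firstTagEnd(html);
  const verdict = end === html.length - 1 ? "tag intact" : `tag closed early at index ${end}`;
  console.log(`${name}: ${html} -> ${verdict}`);
}
// Escaping '>' alone does not make unquoted attributes safe (whitespace also
// ends the value), so quote attribute values as well as escaping them.
```
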
