So having a " in your URL is worse than having an &? Neither are representable in HTML, so you're going to have to deal with escaping whether you want to or not. And if you're already escaping & to &, it's pretty easy to escape " to ". Which you should already be doing anyway. (Never put a literal [&<>"'], in your (x)html document, please.)