HTML 4 states pretty which characters should be escaped:
Four character entity references deserve special mention since theyare frequently used to escape special characters:
- "<" represents the < sign.
- ">" represents the > sign.
- "&" represents the & sign.
- "" represents the " mark.
Authors wishingto put the "<" character in text should use "<" (ASCII decimal 60)to avoid possible confusion with the beginning of a tag (start tagopen delimiter). Similarly, authors should use ">" (ASCII decimal62) in text instead of ">" to avoid problems with older user agentsthat incorrectly perceive this as the end of a tag (tag closedelimiter) when it appears in quoted attribute values.
Authors should use "&" (ASCII decimal 38) instead of "&" to avoidconfusion with the beginning of a character reference (entityreference open delimiter). Authors should also use "&" inattribute values since character references are allowed within CDATAattribute values.
Some authors use the character entity reference """ to encodeinstances of the double quote mark (") since that character may beused to delimit attribute values.
I'm surprised I can't find anything like this in HTML 5. With the help of grep the only non-XML mention I could find comes as an aside regarding the deprecated XMP element:
Use pre and code instead, and escape "<" and "&" characters as "<" and "&" respectively.
Could somewhat point to the official source on this matter?