decoded html entities in href

href attribute value has decoded html entities in output.

Example

 String input = "" + "<a href=\"/index.php?action=1&order_id=1\">order</a>"; System.out.println(Sanitizers.LINKS.sanitize(input));

output

<a href="/index.php?action&#61;1ℴ_id&#61;1" rel="nofollow">order</a>

&order is decoded as ℴ, which renders invalid link

Provide feedback