diff --git a/src/lib/utils/url-link-converter.js b/src/lib/utils/url-link-converter.js
index 94cbe77..cff1cc1 100644
--- a/src/lib/utils/url-link-converter.js
+++ b/src/lib/utils/url-link-converter.js
@@ -64,7 +64,8 @@ export function convertUrlsToLinks(text) {
// Add the URL as a clickable link
const url = match[0];
- result += `${url}`;
+ const escapedUrl = escapeHtml(url);
+ result += `${escapedUrl}`;
lastIndex = httpsUrlRegex.lastIndex;
}
@@ -91,4 +92,4 @@ export function convertUrlsToLinks(text) {
});
return result;
-}
\ No newline at end of file
+}
diff --git a/src/lib/utils/url-link-converter.test.js b/src/lib/utils/url-link-converter.test.js
new file mode 100644
index 0000000..158ef8b
--- /dev/null
+++ b/src/lib/utils/url-link-converter.test.js
@@ -0,0 +1,12 @@
+import { describe, expect, it } from 'vitest';
+
+import { convertUrlsToLinks } from './url-link-converter.js';
+
+describe('convertUrlsToLinks', () => {
+ it('escapes ampersands inside linked URLs', () => {
+ const html = convertUrlsToLinks('See https://example.com/search?a=1&b=2');
+
+ expect(html).toContain('href="https://example.com/search?a=1&b=2"');
+ expect(html).toContain('>https://example.com/search?a=1&b=2');
+ });
+});