Tradeshift / tradeshift-ui

The Tradeshift UI Library & Framework
https://ui.tradeshift.com

Unescaping special characters in table links doesn't work #789

Closed bogdan-brezuica closed 5 years ago

bogdan-brezuica commented 5 years ago

Describe the bug
Table links escape special characters between brackets, but they cannot be unescaped. For example: [AT&T](https://...) results in a link with the text AT&amp;T. Trying to unescape the special character like this doesn't work: [AT&amp;T](https://...) results in AT&amp;T instead of AT&T.

To reproduce
Check the link examples here: http://ui.tradeshift.com/v12/#components/table/formatting.html

Expected behavior
We should be able to unescape special characters.

zdlm commented 5 years ago

Because of the security issue, we transfer the unsafe text to safe HTML. For example: & -> &amp;. Do you have another way to work around? I don't want to break the security check right now. @bogdan-brezuica

bogdan-brezuica commented 5 years ago

Can't we optionally have a more loose security check? For example, only escaping characters like "<" and ">"? In our case, the link text is a company name, which quite often has special characters like "&" in it. For example, React does all the unescaping by default, so it is not vulnerable to XSS attacks (except when using "dangerouslySetInnerHTML", and the name is quite descriptive). Can we do something similar?
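One way to get the behaviour asked for in this thread without loosening the check (decode entities in the label first, then escape exactly once, so "<" and ">" still never reach the DOM as markup), as an added example that is not tradeshift-ui's own code; renderLink, decodeEntities and escapeHtml are hypothetical names and the simplified "[label](url)" syntax is assumed:

```javascript
// Added example (not tradeshift-ui code). Normalise first, then escape last:
// "AT&T" and "AT&amp;T" both become the HTML text "AT&amp;T", which a browser
// displays as "AT&T", while "<b>" in the label is still rendered literally.
const NAMED = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'" };

// Decode &amp; &lt; &gt; &quot; &apos; &#NN; and &#xHH; into plain characters.
// Unknown names and out-of-range numeric references are left as typed.
function decodeEntities(text) {
  return text.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (match, body) => {
    if (body[0] === "#") {
      const code = body[1].toLowerCase() === "x"
        ? parseInt(body.slice(2), 16)
        : parseInt(body.slice(1), 10);
      return Number.isFinite(code) && code <= 0x10ffff
        ? String.fromCodePoint(code)
        : match;
    }
    const key = body.toLowerCase();
    return key in NAMED ? NAMED[key] : match;
  });
}

// Escape plain text for use as an HTML text node or attribute value.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Parse a constructed, simplified "[label](url)" link and return anchor HTML.
// Only http(s) hrefs produce a link; anything else falls back to escaped text,
// so the href cannot carry an unexpected scheme. The label is decoded once and
// escaped once, in that order.
function renderLink(markdown) {
  const m = /^\[(.*)\]\((\S+)\)$/.exec(markdown);
  if (!m) return escapeHtml(decodeEntities(markdown));
  const [, label, href] = m;
  const safeLabel = escapeHtml(decodeEntities(label));
  if (!/^https?:\/\//i.test(href)) return safeLabel;
  return `<a href="${escapeHtml(href)}">${safeLabel}</a>`;
}
```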