Ampersands in URLs are not escaped as character entity references. The problem here is that Magento route paths are not part of the URL query string, further there is no way to make out if a call of Mage_Core_Model_Url::getUrl() is used for a script or just in plain Markup. An hmlspecialchars-property for TypoScript routes could be helpful to force the conversion in this particular case, or to suppress it.
Ampersands in URLs are not escaped as character entity references. The problem here is that Magento
route pathsare not part of the URL query string, further there is no way to make out if a call ofMage_Core_Model_Url::getUrl()is used for a script or just in plain Markup. Anhmlspecialchars-property for TypoScript routes could be helpful to force the conversion in this particular case, or to suppress it.