decoded html entities in href

[fr3akX]

href attribute value has decoded html entities in output.

Example

        String input = "" +
                "<a href=\"/index.php?action=1&order_id=1\">order</a>";
        System.out.println(Sanitizers.LINKS.sanitize(input));

output

<a href="/index.php?action&#61;1ℴ_id&#61;1" rel="nofollow">order</a>

&order is decoded as ℴ, which renders invalid link

[yangbongsoo]

@fr3akX Hello. I think - and _ char may be treated in plain letters. What do you think?