Fix auto-linking with escaped HTML entities

We displayed the correct text as the link text (without double-encoding), but
didn't do the same for the actual link target, so any link containing an
ampersand would break when auto-linked.

changelogs/unreleased/44649-reference-parsing-conflicting-with-auto-linking.yml

@@ -0,0 +1,5 @@
+---
+title: Fix autolinking URLs containing ampersands
+merge_request: 18045
+author:
+type: fixed

lib/banzai/filter/autolink_filter.rb

@@ -105,8 +105,12 @@ module Banzai
           end
         end
 
-        options = link_options.merge(href: match)
-        content_tag(:a, match.html_safe, options) + dropped
+        # match has come from node.to_html above, so we know it's encoded
+        # correctly.
+        html_safe_match = match.html_safe
+        options = link_options.merge(href: html_safe_match)
+
+        content_tag(:a, html_safe_match, options) + dropped
       end
 
       def autolink_filter(text)

spec/lib/banzai/filter/autolink_filter_spec.rb

@@ -167,6 +167,15 @@ describe Banzai::Filter::AutolinkFilter do
       expect(actual).to eq(expected_complicated_link)
     end
 
+    it 'does not double-encode HTML entities' do
+      encoded_link = "#{link}?foo=bar&baz=quux"
+      expected_encoded_link = %Q{<a href="#{encoded_link}">#{encoded_link}</a>}
+      actual = unescape(filter(encoded_link).to_html)
+
+      expect(actual).to eq(Rinku.auto_link(encoded_link))
+      expect(actual).to eq(expected_encoded_link)
+    end
+
     it 'does not include trailing HTML entities' do
       doc = filter("See &lt;&lt;&lt;#{link}&gt;&gt;&gt;")